WO2019196921A1 - Quantum key distribution method, device and storage medium - Google Patents
- Publication number: WO2019196921A1 (PCT/CN2019/082405)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- node
- routing path
- quantum key
- target
- target routing
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N10/00—Quantum computing, i.e. information processing based on quantum-mechanical phenomena
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H04L9/0855—Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/76—Proxy, i.e. using intermediary entity to perform cryptographic operations
Definitions
- the present application relates to the field of quantum communications, and in particular, to a quantum key distribution method, device, and storage medium.
- Quantum secret communication is the product of the combination of quantum characteristics and traditional cryptography. It uses the basic principles and characteristics of quantum mechanics to ensure the security of communication. After more than 30 years of development, quantum secure communication is currently coming to market for practical use.
- FIG. 1 is a schematic diagram showing a prior art quantum key distribution method.
- the routing path includes a source node A1, a relay node A2, a relay node A3, and a destination node A4.
- K1 is the quantum key to be shared between the source node A1 and the destination node A4, and needs to be transmitted from the source node A1 to the destination node A4.
- K_A1A2 is a private key shared between the source node A1 and the relay node A2.
- the relay node A2 decrypts K2 using K_A1A2, then encrypts K1 using K_A2A3 to obtain K3, and transmits the resulting K3 to the relay node A3, where K_A2A3 is a private key shared between the relay node A2 and the relay node A3.
- the quantum key K1 to be shared between the source node A1 and the destination node A4 is decrypted at each intermediate node, so the security is poor.
- the embodiment of the present invention provides a quantum key distribution method, device, and storage medium, which can solve the problem of poor security of quantum key distribution between nodes in the prior art.
- an embodiment of the present application provides a quantum key distribution method, where the method includes:
- the i-th node determines, according to a first correspondence, a first quantum key corresponding to the i-th node of the target routing path, where the i-th node is the i-th node in the target routing path; the first quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path; the first correspondence includes the correspondence between the N routing paths through the i-th node and the N first quantum keys corresponding to the i-th node; the N routing paths and the N first quantum keys corresponding to the i-th node are in one-to-one correspondence; the target routing path is one of the N routing paths, where N is a positive integer and i is a positive integer;
- the i-th node determines, according to a second correspondence, a second quantum key corresponding to the i-th node of the target routing path, where the second quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path; the second correspondence includes the correspondence between the N routing paths through the i-th node and the N second quantum keys corresponding to the i-th node, and the N routing paths and the N second quantum keys corresponding to the i-th node are in one-to-one correspondence;
- the i-th node generates a third quantum key corresponding to the i-th node of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path;
- the i-th node sends the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path; or the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the received first ciphertext from the (i-1)-th node in the target routing path, and sends the obtained second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path.
- the first ciphertext received by the i-th node from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node sent by the (i-1)-th node;
- the 0th node is the source node of the target routing path;
- the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node and the target node of the target routing path;
- the second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path; and the second quantum key corresponding to the i-th node of the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
- the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path, and the second ciphertext corresponding to the (i-1)-th node sent by the (i-1)-th node is the first ciphertext received by the i-th node from the (i-1)-th node in the target routing path.
- the i-th node sends the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path; or the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the received first ciphertext from the (i-1)-th node in the target routing path, and sends the obtained second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path. It can be seen that the i-th node does not decrypt the received first ciphertext, that is, the quantum key to be shared between the source node and the target node of the target routing path is not exposed in plaintext at the node, which improves the security of quantum key distribution.
- N is an integer greater than 1; for a first routing path and a second routing path among the N routing paths through the i-th node, the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path, and the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path.
- the node allocates a corresponding quantum key for each routing path, thereby implementing a one-time pad (one key per use), which can further improve the security of quantum key distribution.
- the method further includes: the i-th node receives, from the centralized controller or from a node in the target routing path, indication information indicating the first quantum key corresponding to the i-th node of the target routing path in the first correspondence; or the i-th node determines, according to the acquired network topology information of the quantum communication system and a first preset rule, the first quantum key corresponding to the i-th node of the target routing path in the first correspondence. It can be seen that the first quantum key corresponding to the node of the routing path can be determined through various schemes, thereby improving the flexibility of the scheme.
- the i-th node determining, according to the acquired network topology information of the quantum communication system and the first preset rule, the first quantum key corresponding to the i-th node of the target routing path in the first correspondence comprises: the i-th node determines the ordering of the N routing paths through the i-th node according to the ordering relationship between the numbers of the N (i-1)-th nodes in the N routing paths through the i-th node, the ordering relationship between the numbers of the N (i+1)-th nodes in the N routing paths through the i-th node, and the ordering relationship between the numbers of the N routing paths through the i-th node, and sequentially determines the first quantum key corresponding to the i-th node of the target routing path; or the i-th node, according to the ordering relationship between the numbers of the N (i+1)-th nodes of the N routing paths passing through the i-th node, and the ordering relationship between the numbers of the N routing paths
- the multiple routing paths through the i-th node can be sorted in multiple manners, and the first quantum key corresponding to the i-th node of the target routing path is then determined sequentially according to the sorting of the routing paths, which improves the convenience and flexibility of determining the first quantum key corresponding to the i-th node of the routing path.
- the method further includes: the i-th node receives, from the centralized controller or from the (i+1)-th node in the target routing path, indication information of the second quantum key corresponding to the i-th node of the target routing path in the second correspondence; or the i-th node determines, according to the acquired network topology information of the quantum communication system and a second preset rule, the second quantum key corresponding to the i-th node of the target routing path in the second correspondence. It can be seen that the second quantum key corresponding to the node of the routing path can be determined through various schemes, thereby improving the flexibility of the scheme.
- the i-th node determines, according to the ordering relationship between the numbers of the W routing paths passing through the i-th node and the (i+1)-th node in the target routing path, the ordering of the W routing paths passing through the i-th node and the (i+1)-th node in the target routing path, and sequentially determines the second quantum key corresponding to the i-th node of the target routing path, where W is a positive integer not greater than N; or the i-th node determines, according to the ordering relationship between the numbers of the W (i+2)-th nodes in the W routing paths passing through the i-th node and the (i+1)-th node in the target routing path, and the ordering relationship between the numbers of the W routing paths passing through the i-th node and the (i+1)-th node in the target routing path, the ordering of the W routing paths passing through the i-th node and the (i+1)-th node in the target routing path, and sequentially determines the second quantum key corresponding to the i-th node of the target routing
- the multiple routing paths through the i-th node can be sorted in multiple manners, and the second quantum key corresponding to the i-th node of the target routing path is then determined sequentially according to the sorting of the routing paths, which improves the convenience and flexibility of determining the second quantum key corresponding to the i-th node of the routing path.
- the first algorithm, by which the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, satisfies formula (1) in the following specific embodiments, so that the destination node can obtain the quantum key to be shared after decrypting the received first ciphertext; for the detailed analysis, refer to the description in the following specific embodiments, and details are not described herein again.
- an embodiment of the present application provides a quantum key distribution device, where the quantum key distribution device includes a memory, a transceiver, and a processor, wherein: the memory is used to store instructions; the processor is configured to execute the instructions stored in the memory and to control the transceiver to perform signal reception and signal transmission; and when the processor executes the instructions stored in the memory, the quantum key distribution device is configured to perform the method of the first aspect or any implementation of the first aspect.
- the embodiment of the present application provides a quantum key distribution device, which is used to implement the method of the first aspect or any implementation of the first aspect, and which includes corresponding functional modules, respectively used to implement the steps in the foregoing method.
- the functions can be implemented in hardware, or by hardware executing the corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the structure of the quantum key distribution device includes a processing unit and a transceiver unit, and the units can perform the corresponding functions in the foregoing method examples.
- the embodiment of the present application provides a computer storage medium, where the computer storage medium stores instructions which, when run on a computer, cause the computer to perform the method in the first aspect or any possible implementation manner of the first aspect.
- an embodiment of the present application provides a computer program product comprising instructions which, when executed on a computer, cause the computer to perform the method of the first aspect or any possible implementation of the first aspect.
- FIG. 1 is a schematic diagram showing a prior art quantum key distribution method
- FIG. 2 is a schematic structural diagram of a quantum communication system according to an embodiment of the present application.
- FIG. 3 is a schematic flowchart diagram of a method for allocating a quantum key according to an embodiment of the present application
- FIG. 4 is a schematic diagram of a quantum key distribution method for the routing path L2 of FIG. 2 according to an embodiment of the present application;
- FIG. 5 is a schematic diagram of another quantum key distribution method for the routing path L2 of FIG. 2 according to an embodiment of the present disclosure
- FIG. 6 is a schematic diagram of a first correspondence corresponding to a node D generated by a node D in FIG. 2 according to the embodiment of the present application;
- FIG. 7 is a schematic diagram of a first quantum key corresponding to a node D that generates a routing path L2 by using the node a3-2 in the embodiment D3 of FIG. 2 in the embodiment of the present application;
- FIG. 8 is a schematic diagram of a first quantum key corresponding to a node D that generates a routing path L2 by using the node a3-3 in the embodiment D3 of FIG. 2 in the embodiment of the present application;
- FIG. 9 is a schematic diagram of a second correspondence corresponding to the node D of the embodiment D3-1 of FIG. 2 in the embodiment of the present application.
- FIG. 10 is a schematic diagram of a first correspondence corresponding to a node E generated by a node E in Embodiment A3-1 of FIG. 2 in the embodiment of the present application;
- FIG. 11 is a schematic diagram of a second quantum key corresponding to a node D that generates a routing path L2 by using the embodiment b3-2 of the node D in FIG. 2 in the embodiment of the present application;
- FIG. 12 is a schematic structural diagram of a local area network division in quantum communication according to an embodiment of the present disclosure.
- FIG. 13 is a schematic structural diagram of a quantum key distribution apparatus according to an embodiment of the present disclosure.
- FIG. 14 is a schematic structural diagram of another quantum key distribution apparatus according to an embodiment of the present disclosure.
- FIG. 2 exemplarily shows a schematic diagram of a quantum communication system architecture provided by an embodiment of the present application.
- the quantum communication system includes multiple nodes, such as node B, node C, node D, node E, node F, node G, node H, node P, node Q, and node R.
- a plurality of routing paths may be formed between multiple nodes, and nodes other than the source node and the destination node in one routing path may be referred to as relay nodes.
- a node may act as a source node in one routing path and as a relay node or destination node in another routing path.
- Routing path L1: "source node B - relay node D - relay node E - relay node G - destination node P";
- Routing path L2: "source node B - relay node D - relay node E - relay node G - destination node Q";
- Routing path L3: "source node B - relay node D - relay node E - destination node H";
- Routing path L4: "source node C - relay node D - destination node F";
- Routing path L5: "source node B - relay node D - destination node F";
- Routing path L6: "source node R - relay node E - destination node H".
- FIG. 3 exemplarily shows a flow chart of a quantum key distribution method provided by an embodiment of the present application.
- the method provided in this embodiment of the present application includes:
- Step 301: the i-th node determines, according to the first correspondence, a first quantum key corresponding to the i-th node of the target routing path.
- the i-th node is the i-th relay node of the target routing path.
- the i-th node is the i-th node in the target routing path;
- the first quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path; the first correspondence includes the correspondence between the N routing paths through the i-th node and the N first quantum keys corresponding to the i-th node; the N routing paths and the N first quantum keys corresponding to the i-th node are in one-to-one correspondence; N is a positive integer, and i is a positive integer.
- the target routing path is any one of the N routing paths.
- the target routing path in this embodiment is named for convenience of description only and does not have other limited meanings.
- Step 302: the i-th node determines, according to the second correspondence, a second quantum key corresponding to the i-th node of the target routing path.
- the second quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path; the second correspondence includes the correspondence between the N routing paths through the i-th node and the N second quantum keys corresponding to the i-th node, and the N routing paths and the N second quantum keys corresponding to the i-th node are in one-to-one correspondence.
- Step 303: the i-th node generates the third quantum key corresponding to the i-th node of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path.
- Step 304: the i-th node sends the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path.
- Step 305: the i-th node encrypts the received first ciphertext from the (i-1)-th node in the target routing path by using the third quantum key corresponding to the i-th node of the target routing path, and sends the obtained second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path.
- the first ciphertext received by the i-th node from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node sent by the (i-1)-th node;
- when i = 1, the 0th node is the source node of the target routing path
- the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path.
- the second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path; and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
- the algorithm by which the i-th node encrypts the received first ciphertext from the (i-1)-th node in the target routing path, using the third quantum key corresponding to the i-th node of the target routing path, can be referred to as the first algorithm.
- the algorithm used to generate the third quantum key corresponding to the i-th node of the target routing path from the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path may be referred to as the second algorithm.
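The relay flow of steps 301 to 303 and 305 can be traced end to end on routing path L2 and compared with the decrypt-and-re-encrypt flow of FIG. 1. The sketch below is an added example, not code from the application: it assumes bytewise XOR for the first, second and third algorithms (the page does not fix them here), and `Node`, `provision`, `distribute`, `distribute_prior_art` and `relays_exposed` are hypothetical names; all keys are constructed random values.

```python
import secrets

KEY_LEN = 32  # bytes per key; constructed value for the demo

# Routing paths L1..L6 as listed for FIG. 2.
ROUTES = {
    "L1": ["B", "D", "E", "G", "P"],
    "L2": ["B", "D", "E", "G", "Q"],
    "L3": ["B", "D", "E", "H"],
    "L4": ["C", "D", "F"],
    "L5": ["B", "D", "F"],
    "L6": ["R", "E", "H"],
}


def xor(a: bytes, b: bytes) -> bytes:
    """Assumed stand-in for the first, second and third algorithms."""
    if len(a) != len(b):
        raise ValueError("pad and message must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class Node:
    def __init__(self, name: str):
        self.name = name
        self.first = {}    # first correspondence: path -> key shared with previous hop
        self.second = {}   # second correspondence: path -> key shared with next hop
        self.handled = []  # every value this node received or computed (audit trail)

    def third_key(self, path: str) -> bytes:
        # Step 303: combine the two hop keys selected for this path.
        return xor(self.first[path], self.second[path])

    def relay(self, path: str, first_ct: bytes) -> bytes:
        # Step 305: encrypt the incoming ciphertext; nothing is decrypted here.
        second_ct = xor(first_ct, self.third_key(path))
        self.handled += [first_ct, second_ct]
        return second_ct


def provision(routes: dict) -> dict:
    """Give every hop of every path its own fresh key (one key per path per hop)."""
    nodes = {}
    for path, hops in routes.items():
        for a, b in zip(hops, hops[1:]):
            key = secrets.token_bytes(KEY_LEN)
            nodes.setdefault(a, Node(a)).second[path] = key
            nodes.setdefault(b, Node(b)).first[path] = key
    return nodes


def distribute(nodes: dict, path: str, shared_key: bytes):
    """Step 305 flow; returns (key recovered by the destination, ciphertext per hop)."""
    hops = ROUTES[path]
    ct = xor(shared_key, nodes[hops[0]].second[path])  # source: K_B = K_BQ ^ K_BD
    trace = [ct]
    for name in hops[1:-1]:
        ct = nodes[name].relay(path, ct)
        trace.append(ct)
    return xor(ct, nodes[hops[-1]].first[path]), trace


def distribute_prior_art(nodes: dict, path: str, shared_key: bytes) -> bytes:
    """FIG. 1 flow for contrast: each relay decrypts, then re-encrypts for the next hop."""
    hops = ROUTES[path]
    ct = xor(shared_key, nodes[hops[0]].second[path])
    for name in hops[1:-1]:
        node = nodes[name]
        plain = xor(ct, node.first[path])  # the shared key appears in the clear here
        ct = xor(plain, node.second[path])
        node.handled += [plain, ct]
    return xor(ct, nodes[hops[-1]].first[path])


def relays_exposed(nodes: dict, path: str, shared_key: bytes) -> list:
    """Relays on the path whose audit trail contains the end-to-end key itself."""
    return [n for n in ROUTES[path][1:-1] if shared_key in nodes[n].handled]


if __name__ == "__main__":
    k_bq = secrets.token_bytes(KEY_LEN)
    new, old = provision(ROUTES), provision(ROUTES)
    recovered, _ = distribute(new, "L2", k_bq)
    print("step 305 flow :", recovered == k_bq, relays_exposed(new, "L2", k_bq))
    print("prior-art flow:", distribute_prior_art(old, "L2", k_bq) == k_bq,
          relays_exposed(old, "L2", k_bq))
```

Under the XOR assumption each relay still stores the hop key that would unwrap the incoming ciphertext, so what the trace shows is that a relay following the procedure never computes the end-to-end key, not that it would be unable to.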
- FIG. 4 exemplarily shows a schematic diagram of a quantum key distribution method for the routing path L2 of FIG. 2.
- the scheme shown in FIG. 4 performs the scheme corresponding to the above step 305.
- the source node B and The quantum key to be shared between the destination nodes Q is K BQ (L 2 ), and the source node B needs to transmit the quantum key K BQ (L 2 ) to be shared to the destination node Q.
- the specific process is as follows:
- the source node B acquires the quantum key K BQ (L 2 ) to be shared.
- the second quantum key corresponding to the source node B is a quantum key shared between the source node B and the relay node D corresponding to the source node B in the routing path L 2 determined by the source node B, and K BD is used in FIG. (L 2 ) represents the second quantum key corresponding to the source node B in the routing path L 2 .
- the source node B uses the second quantum key K BD (L 2 ) corresponding to the source node B to perform the quantum key K BQ (L 2 ) to be shared between the source node of the target routing path and the target node of the target routing path. Encryption, the second ciphertext K B (L 2 ) corresponding to the source node B is obtained, and the source node B transmits the second ciphertext K B (L 2 ) corresponding to the source node to the relay node D.
- the algorithm for encrypting K BQ (L 2 ) using K BD (L 2 ) may be referred to as a third algorithm, and the third algorithm may be the same as the first algorithm described above, or other algorithms may be used.
- the relay node D receives the first ciphertext K B (L 2 ) from the source node B. That is to say, the second ciphertext corresponding to the source node B sent by the source node B and the first ciphertext received by the relay node D are the same ciphertext.
- the first ciphertext received by the relay node in the embodiment of the present application may also be referred to as the first ciphertext corresponding to the relay node; for example, the first ciphertext K B (L 2 ) received by the relay node D may also be called the first ciphertext K B (L 2 ) corresponding to the relay node D.
- when the target routing path is the routing path L 2 and the D node is the i th node in the target routing path, the B node is the i-1th node of the target routing path, the E node is the i+1th node of the target routing path, and the G node is the i+2th node of the target routing path; other cases are similar and will not be described again.
- the relay node D generates a third quantum key K BE (L 2 ) corresponding to the relay node D of the target routing path according to the first quantum key K DB (L 2 ) corresponding to the relay node D of the target routing path and the second quantum key K DE (L 2 ) corresponding to the relay node D of the target routing path.
- the relay node D encrypts the received first ciphertext K B (L 2 ) corresponding to the relay node D by using the third quantum key K BE (L 2 ) to obtain a second ciphertext K D (L 2 ) corresponding to the relay node D, and the relay node D transmits the second ciphertext K D (L 2 ) corresponding to the relay node D to the relay node E.
- the algorithm for encrypting the first ciphertext K B (L 2 ) using the third quantum key K BE (L 2 ) to generate the second ciphertext K D (L 2 ) may be the first algorithm.
- the relay node E receives the first ciphertext K D (L 2 ) from the relay node D. That is to say, the second ciphertext corresponding to the relay node D sent by the relay node D and the first ciphertext received by the relay node E are the same ciphertext.
- a third quantum key K DG (L 2 ) corresponding to the relay node E of the routing path L 2 is generated.
- the relay node E encrypts the first ciphertext K D (L 2 ) using the third quantum key K DG (L 2 ) to obtain a second ciphertext K E (L 2 ) corresponding to the relay node E,
- the relay node E transmits the second ciphertext K E (L 2 ) corresponding to the relay node E to the relay node G.
- the relay node G receives the first ciphertext K E (L 2 ) from the relay node E. That is to say, the second ciphertext corresponding to the relay node E sent by the relay node E and the first ciphertext received by the relay node G are the same ciphertext.
- the relay node G generates a third quantum key K EQ (L 2 ) corresponding to the relay node G of the routing path L 2 according to the first quantum key K GE (L 2 ) corresponding to the relay node G of the routing path L 2 and the second quantum key K GQ (L 2 ) corresponding to the relay node G of the routing path L 2 .
- the relay node G encrypts the first ciphertext K E (L 2 ) using the third quantum key K EQ (L 2 ) to obtain a second ciphertext K G (L 2 ) corresponding to the relay node G,
- the relay node G transmits the second ciphertext K G (L 2 ) corresponding to the relay node G to the destination node Q.
- the destination node Q receives the first ciphertext K G (L 2 ) from the relay node G, and the K G (L 2 ) may be referred to as the first ciphertext corresponding to the destination node Q.
- the destination node Q decrypts the first ciphertext K G (L 2 ) using the first quantum key K QG (L 2 ) corresponding to the destination node Q of the routing path L 2 to obtain the quantum key K BQ (L 2 ) to be shared.
- the algorithm used in the decryption process may be referred to as a fourth algorithm, and the fourth algorithm may be the same as the first algorithm described above, or may be other algorithms.
- for how the destination node decrypts the first ciphertext corresponding to the destination node by using the first quantum key corresponding to the destination node of the target routing path, so as to obtain the quantum key to be shared, refer to the related description of formula (1) in the following content.
- FIG. 5 exemplarily shows another schematic diagram of a quantum key distribution method for the routing path L 2 of FIG. 2.
- the scheme shown in FIG. 4 performs the scheme corresponding to the above step 304, as shown in FIG.
- the node sends the generated K B (L 2 ) to the destination node Q, which can be transmitted through the classical signal or through the quantum channel.
- Each relay node also transmits a third quantum key generated corresponding to each relay node to the destination node Q.
- the relay node D transmits the generated third quantum key K BE (L 2 ) corresponding to the relay node D of the routing path L 2 to the destination node Q, the relay node E transmits the generated third quantum key K DG (L 2 ) corresponding to the relay node E of the routing path L 2 to the destination node Q, and the relay node G transmits the generated third quantum key K EQ (L 2 ) corresponding to the relay node G of the routing path L 2 to the destination node Q.
- the destination node Q encrypts K B (L 2 ) using K BE (L 2 ), encrypts the obtained result using K DG (L 2 ), encrypts that result using K EQ (L 2 ), and then decrypts the obtained result using K QG (L 2 ), thereby obtaining the quantum key K BQ (L 2 ) to be shared.
- the relay node no longer decrypts the information sent by the previous node of the relay node, so that the quantum key to be shared between the source node and the destination node is no longer present in the relay node; that is, the relay node does not decrypt the quantum key to be shared between the source node and the destination node, which can improve the security of the quantum key to be shared between the source node and the destination node.
- the relay node no longer encrypts and decrypts the information sent by the previous node of the relay node, which can save time and resources occupied by the photoelectric conversion of the quantum key to be shared on the routing path.
- the relay node may delete the first quantum key and the second quantum key corresponding to the relay node after generating the third quantum key; it can be seen that the relay node may leave no window period in which it is open to attack, which reduces the ability of the eavesdropper to decrypt the quantum key to be shared, thereby further improving the security of information transmission during the quantum key distribution process.
- the related information of the third quantum key of the relay node can be published, so that the secure storage requirement for the information can be reduced.
- a node can publish a log of the operation and access conditions when the node acts as a relay node on a routing path, and the resource utilization of the chip itself.
- the relay node may disclose related information, such as a log of the operation and access status of the relay node, so as to help analyze the network running status, thereby improving the transparency to the client.
- the second quantum key corresponding to the i-1th node in the target routing path is the same as the first quantum key corresponding to the i th node of the target routing path, and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the i+1th node of the target routing path.
- K BD (L 2 ) is the same as K DB (L 2 )
- K DE (L 2 ) is the same as K ED (L 2 )
- K EG (L 2 ) is the same as K GE (L 2 ).
- K GQ (L 2 ) is the same as K QG (L 2 ), so that the destination node can resolve the quantum key to be shared.
- the above-mentioned FIG. 4 and FIG. 5 are described by taking the first algorithm and the second algorithm as an exclusive OR algorithm. Those skilled in the art may know that the first algorithm and the second algorithm may also be other algorithms.
- the algorithm used by the i-th node of the target routing path to generate the third quantum key corresponding to the i-th node of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path is the second algorithm, and the algorithm used by the i-th node to encrypt the first ciphertext received from the i-1th node of the target routing path with the third quantum key corresponding to the i-th node of the target routing path is the first algorithm.
- the first algorithm satisfies equation (1):
- L j is an identifier of the target routing path
- K i-1,i-2 (L j ) is the first quantum key corresponding to the i-1th node in the target routing path L j ;
- K i-1,i (L j ) is a second quantum key corresponding to the i-1th node in the target routing path L j ;
- K i,i-1 (L j ) is the first quantum key corresponding to the i th node in the target routing path L j ;
- K i,i+1 (L j ) is a second quantum key corresponding to the i th node in the target routing path L j ;
- f E (·) is a function corresponding to the second algorithm
- the second algorithm is the algorithm used to generate a third quantum key corresponding to the i-th node of the target routing path from a first quantum key corresponding to the i-th node of the target routing path and a second quantum key corresponding to the i-th node of the target routing path;
- g(·) is a function corresponding to the first algorithm.
- f E (K DB (L 2 ), K DE (L 2 )) denotes performing the operation corresponding to the second algorithm on the first quantum key K DB (L 2 ) corresponding to the relay node D of the routing path L 2 and the second quantum key K DE (L 2 ) corresponding to the node D, and the calculation result of f E (K DB (L 2 ), K DE (L 2 )) is as shown in FIG. 4 .
- f E (K ED (L 2 ), K EG (L 2 )) denotes performing the operation corresponding to the second algorithm on the first quantum key K ED (L 2 ) corresponding to the relay node E of the routing path L 2 and the second quantum key K EG (L 2 ) corresponding to the relay node E of the routing path L 2 , and the calculation result of f E (K ED (L 2 ), K EG (L 2 )) is, as shown in the figure, a third quantum key K DG (L 2 ) corresponding to the relay node E of the routing path L 2 ;
- g(f E (K DB (L 2 ), K DE (L 2 )), f E (K ED (L 2 ), K EG (L 2 ))) denotes performing the operation corresponding to the first algorithm on the third quantum key K BE (L 2 ) corresponding to the relay node D of the routing path L 2 and the third quantum key K DG (L 2 ) corresponding to the relay node E of the routing path L 2 ; when K DE (L 2 ) is identical to K ED (L 2 ), the result is equal to f E (K DB (L 2 ), K EG (L 2 )).
- the quantum key to be shared can be obtained. It can be known by those skilled in the art that in the actual operation of the destination node, the detailed calculation shown in the above formula (2) need not be performed; the destination node only needs to perform the operation corresponding to the first algorithm on the received K G (L 2 ) using K QG (L 2 ).
- the case in which the first algorithm, the second algorithm, the third algorithm, and the fourth algorithm are all XOR algorithms is taken as an example.
- there are several implementations of the first algorithm, the second algorithm, the third algorithm and the fourth algorithm.
- two sets of first algorithms corresponding to two nodes are two sets of different algorithms, or two sets of second algorithms corresponding to two nodes are two sets of different algorithms.
- f E (·) can be a function set, which can include a series of encryption functions {f E0 , f E1 ...}, and a decryption function f D can also be set, where f E0 is the above third algorithm, used for encrypting the quantum key to be shared between the source node and the destination node, f E1 , f E2 ...
- the function used by a ciphertext to perform the encryption operation is that the function corresponding to the first algorithm is the same as the function corresponding to the second algorithm (for example, f E1 is the function used by the first relay node in the routing path to calculate the third quantum key corresponding to the first relay node, and also the function used for performing the encryption operation on the received first ciphertext), and f D is the fourth algorithm, that is, the function with which the destination node decrypts the received first ciphertext, thereby obtaining the quantum key to be shared.
- any two functions among {f E0 , f E1 ...} and f D may be the same or different, and are not limited in the embodiment of the present application.
- the quantum key shared between the adjacent two nodes used in the quantum key distribution process is unknown (including the front node and the destination node are not known).
- no one can obtain the quantum key to be shared merely by acquiring the third quantum key of some or all nodes and the second ciphertext sent by the source node, thereby improving the security of the quantum key distribution process.
- An embodiment of the present application further enumerates an optional implementation manner of the first algorithm and the second algorithm.
- the second algorithm may be defined to perform a subtraction operation of the modulo 4 for each two bits, specifically:
- z 2k-1 z 2k is the binary representation of a k -b k ; if a k < b k , then z 2k-1 z 2k is the binary representation of a k -b k +4 .
- the decryption function f D can perform the addition of modulo 4 for every two bits; it is not difficult to verify that the function in this example can also satisfy the above embodiment. It is to be noted that the above formula (1) is not a necessary and sufficient condition for satisfying the solution provided by the embodiment of the present application, and is only a sufficient condition; other functional forms satisfying the mathematical features of the above embodiment may exist, and the embodiment of the present application does not impose restrictions.
- the communication system to which the embodiment of the present application is applicable may include multiple routing paths. If N is an integer greater than 1, for the first routing path and the second routing path in the N routing paths through the i-th node: the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path; the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path.
- the first routing path and the second routing path are two different routing paths in the N routing paths. As shown in FIG.
- there are five routing paths through the relay node D; for any two of the routing paths, such as the routing path L 1 and the routing path L 5 , the first quantum key corresponding to the relay node D in the routing path L 1 is different from the first quantum key corresponding to the relay node D in the routing path L 5 , and the second quantum key corresponding to the relay node D in the routing path L 1 is different from the second quantum key corresponding to the relay node D in the routing path L 5 . That is to say, for each routing path, the node allocates a corresponding quantum key for the routing path, thereby realizing one key per use ("one time, one key"), which can further improve the security of quantum key distribution.
- the embodiment of the present application can be applied to the case of multipath, and the applicable network can be more complicated.
- each quantum key can be assigned a number, and the number corresponding to the quantum key can also be called the identifier corresponding to the quantum key.
- the quantum key K DE is continuously generated between the node D and the node E, and 256 bits can be used as a quantum key length, and each quantum key number corresponds to a 256-bit quantum key.
- the node D and the node E respectively need to allocate the quantum key generated between the node D and the node E to the routing path L 1 , the routing path L 2 , and the routing path L 3 .
- the second quantum key allocated by the node D for one routing path and the first quantum key allocated by the node E for the target routing path are the same quantum key.
- the second quantum key that the node D allocates for the routing path L 1 and the first quantum key that the node E allocates for the routing path L 1 are required to be the same quantum key.
- the first correspondence may be acquired before the foregoing step 301, and the second correspondence is obtained before the step 302.
- the first correspondence and the second correspondence may be in various forms, for example, in the form of a table, or in the form of a text, etc., and the embodiments of the present application are not limited, and the following content is exemplarily described in the form of a table.
- the first corresponding relationship in the foregoing step 301 and the second corresponding relationship in the foregoing step 302 may be obtained in multiple manners.
- the manners of obtaining the first correspondence are first introduced by way of the optional implementation a1, the implementation a2, and the implementation a3.
- the indication information indicating the first quantum key corresponding to the i th node of the target routing path in the first correspondence relationship is sent by the centralized controller.
- the i th node receives the indication information of the first quantum key corresponding to the i th node of the target routing path sent by the centralized controller.
- the indication information of the first quantum key corresponding to the i th node of the target routing path may be directly the first quantum key corresponding to the i th node of the target routing path, or may be other Information indicating this correspondence.
- the i th node receives the indication information that is sent by the centralized controller and is used to indicate the second quantum key corresponding to the i th node of the target routing path.
- the centralized controller can collect the service request of the entire network, and can optimize the calculation of the routing path of the entire network. Then, the first correspondence corresponding to each node as a node can be uniformly calculated and then delivered to the corresponding node.
- the indication information indicating the first quantum key corresponding to the i th node of the target routing path in the first correspondence is sent by the i-1th node corresponding to the target routing path.
- the i-1th node corresponding to the routing path may calculate the second quantum key corresponding to the i-1th node corresponding to the target routing path, and then send it to the i th node; because the second quantum key corresponding to the i-1th node corresponding to the target routing path is the same as the first quantum key corresponding to the i th node corresponding to the target routing path, the i th node can learn, in the first correspondence, the first quantum key corresponding to the i-th node of the target routing path.
- each node in the target routing path calculates a second quantum key corresponding to that node on the target routing path, and then each node sends its own second quantum key on the target routing path to its next node on the target routing path, because the second quantum key corresponding to each node on the target routing path is the same as the first quantum key corresponding to the next node of that node on the target routing path.
- the i th node in the target routing path can obtain, by way of embodiment a2, the first quantum key corresponding to the i th node of the routing path in the first correspondence.
- the i-th node determines the first quantum key corresponding to the i-th node of the target routing path according to the acquired network topology information of the quantum communication system and the first preset rule.
- the i-th node determines the first quantum key corresponding to the i-th node of the target routing path according to the acquired network topology information of the quantum communication system and the first preset rule, and may have multiple implementation manners. The following is described by way of optional embodiment a3-1, embodiment a3-2 and embodiment a3-3.
- the i-th node determines the ordering of the multiple routing paths through the i-th node based on the ordering relationship between the numbers of the plurality of i-1th nodes in the N routing paths passing through the i-th node, the ordering relationship between the numbers of the plurality of i+1th nodes in the plurality of routing paths passing through the i-th node, and the ordering relationship between the numbers of the N routing paths passing through the i-th node, and sequentially determines the first quantum key corresponding to the i-th node of the target routing path.
- FIG. 6 is a schematic diagram showing the node D in FIG. 2 applying embodiment a3-1 to generate the first correspondence corresponding to the node D. As shown in FIG. 6, in the six routing paths shown in FIG.
- Each node will have a global number.
- each node's global number can have a sort relationship.
- it can be represented by Arabic numerals, or by letters or some characters with a preset ordering relationship. Here the ordering relationship between the nodes follows the alphabetical order of the corresponding letters. As shown in FIG. 6, all the routing paths in which node D acts as a relay node are L 1 to L 5 , and the previous hop nodes of node D in these 5 routing paths are sorted first.
- there are two previous hop nodes of node D which are node B and node C, respectively, and the sorting is as shown in the second column of FIG.
- the next hop nodes of the node D are then sorted in the four routing paths in which the previous hop node of the node D is the node B; as shown in FIG. 6, when the previous hop node of the node D is the B node, the next hop nodes of the node D are node E and node F, and the ordering is as shown in the second row to the fifth row in the third column of FIG.
- the next hop node of the node D is then sorted in the one routing path in which the previous hop node of the node D is the node C; as shown in FIG. 6, when the previous hop node of the node D is the C node, the next hop node of the node D is node F, and the ordering is as shown in the sixth row in the third column of FIG.
- the routing may be sorted according to the global number of the routing path.
- each routing path may have a number globally, and the routing path numbers may have a sorting relationship. It is assumed that the ordering numbers of the six routing paths in FIG. 2 are L 1 to L 6 in order. As shown in FIG. 6, there are 3 routing paths through node B, node D and node E, which are respectively L 1 , L 2 and L 3 . Rows 2 through 4 of the fourth column are presented in a global ordering relationship according to the numbers of L 1 , L 2 , and L 3 . There is only one routing path through node B, node D and node F, and there is only one routing path through node C, node D and node F, correspondingly ranked in the fifth row and sixth row of the third column of FIG. 6.
- the node D has already sorted all the routing paths passing through the node D, and then can assign the quantum key to each routing path according to the sorting relationship, as shown in the fourth column of FIG.
- the second row and the third row in the fourth column of FIG. 6 are taken as an example for explanation.
- the first quantum key assigned by the node D to the routing path L 1 is K DB (L 1 ), and the first quantum key assigned by the node D to the routing path L 2 is K DB (L 2 ).
- the quantum key consumption on a certain routing path may be relatively large. Therefore, the weight of each routing path may be set according to the quantum key consumption amount and/or the attribute information of the service on each routing path, thereby determining The number of quantum keys allocated for each quantum key distribution period for each routing path.
- K DB (L 1 ) is only the identifier corresponding to the first quantum key assigned by the node D to the routing path L 1 . When only one quantum key is assigned to the routing path L 1 in a quantum key allocation period, assuming a quantum key length of 256 bits, K DB (L 1 ) may be the identifier corresponding to one 256-bit quantum key in each quantum key allocation period; if multiple (such as 3) quantum keys are allocated to the routing path L 1 in a quantum key distribution period, assuming a quantum key length of 256 bits, K DB (L 1 ) can be the identifier corresponding to three 256-bit quantum keys in each quantum key allocation period.
- the scheme for sorting the routing paths is flexible, and FIG. 6 only shows one possible implementation manner; other implementation manners are also possible. For example, the plurality of i+1th nodes may first be sorted according to the ordering relationship between the numbers of the i+1th nodes in the multiple routing paths passing through the i-th node, the plurality of i-1th nodes may then be sorted according to the ordering relationship between the numbers of the i-1th nodes in the plurality of routing paths passing through the i-th node, and the routing paths may then be sorted according to the ordering relationship between the numbers of the plurality of routing paths of the i-th node, and so on; details are not described herein.
- the ordering relationship between the numbers of the i-th nodes in the N routing paths passing through the i-th node and the numbering of the N routing paths passing through the i-th node determines the order of the plurality of routing paths through the i-th node, and sequentially determines the first quantum key corresponding to the i-th node of the target routing path.
- FIG. 7 exemplarily shows a schematic diagram of the node D in FIG. 2 applying embodiment a3-2 to generate the first quantum key corresponding to the node D of the routing path L 2 . As shown in FIG. 7, in this example, it may be determined first that the plurality of routing paths through node D are L 1 , L 2 , L 3 , L 4 , and L 5 , respectively.
- the next hop ordering of the nodes D in the routing paths L 1 , L 2 , L 3 , L 4 , and L 5 may be performed, as shown in the second row to the sixth row of the second column of FIG.
- the next hop corresponding to the multiple routing paths includes node E and node F, and then sorts the routing path numbers of the routing paths L 1 , L 2 , L 3 , L 4 , and L 5 , and the ranking result is as shown in FIG. 7 .
- the node D assigns the first quantum key to each routing path in sequence according to the order of the routing paths L 1 , L 2 , L 3 , L 4 , and L 5 .
- the i-th node determines the order of the N routing paths through the i-th node according to the ordering relationship between the numbers of the N routing paths passing through the i-th node, and sequentially determines the first quantum key corresponding to the i-th node of the target routing path.
- FIG. 8 exemplarily shows a schematic diagram of the node D in FIG. 2 applying the implementation manner a3-3 to generate the first quantum key corresponding to the node D of the routing path L 2 .
- the plurality of routing paths through the node D may be determined first; they are L 1 , L 2 , L 3 , L 4 , and L 5 , respectively.
- the numbers of the routing paths L 1 , L 2 , L 3 , L 4 , and L 5 can be sorted, and the sorting result is shown in the second row to the sixth row of the second column of FIG. 8 ; then, according to the ordering of the routing paths L 1 , L 2 , L 3 , L 4 and L 5 , a corresponding first quantum key is sequentially assigned to each routing path.
- the manners of obtaining the second quantum key corresponding to the i-th node of the routing path in the second correspondence relationship are introduced by the optional implementation manner b1, the implementation manner b2, and the embodiment b3.
- the indication information indicating the second quantum key corresponding to the i-th node of the routing path in the second correspondence relationship is sent by the centralized controller.
- the indication information of the second quantum key corresponding to the i th node of the routing path in the second correspondence relationship may be directly the first quantum key corresponding to the i th node of the target routing path. Other information indicating this correspondence may also be used.
- the i th node receives the indication information that is sent by the centralized controller and is used to indicate the first quantum key corresponding to the i th node of the target routing path.
- the centralized controller can collect the service request of the entire network, and can optimize the calculation of the routing path of the entire network. Then, the second correspondence corresponding to each node as a node can be uniformly calculated and then delivered to the corresponding node.
- the indication information indicating the second quantum key corresponding to the i-th node of the routing path in the second correspondence relationship is sent by the (i+1)th node corresponding to the target routing path.
- the i+1th node corresponding to the routing path may calculate the first quantum key corresponding to the i+1th node corresponding to the target routing path, and then send it to the i th node; because the first quantum key corresponding to the i+1th node corresponding to the target routing path is the same as the second quantum key corresponding to the i th node corresponding to the target routing path, the i th node can learn, in the second correspondence, the second quantum key corresponding to the i-th node of the target routing path.
- each node in the target routing path calculates a first quantum key corresponding to that node on the target routing path, and then each node sends its first quantum key corresponding to the target routing path to its previous node on the target routing path, because the first quantum key corresponding to each node on the target routing path is the same as the second quantum key corresponding to the previous node of that node on the target routing path.
- the i-th node determines the second quantum key corresponding to the i-th node of the target routing path according to the acquired network topology information of the quantum communication system and the second preset rule.
- the i-th node determines the second quantum key corresponding to the i-th node of the target routing path according to the acquired network topology information of the quantum communication system and the second preset rule, and may have multiple implementation manners. The following is described by way of alternative embodiment b3-1 and embodiment b3-2.
- the i-th node determines the ordering of the routing paths passing through the i-th node and the i+1th node in the target routing path according to the ordering relationship between the numbers of the plurality of i+2th nodes in the plurality of routing paths passing through the i-th node and the i+1th node in the target routing path, and the ordering relationship between the numbers of the routing paths passing through the i-th node and the i+1th node in the target routing path, and sequentially determines the second quantum key corresponding to the i-th node of the target routing path.
- FIG. 9 exemplarily shows a schematic diagram of the node D in FIG. 2 applying embodiment b3-1 to generate the second correspondence corresponding to the node D. As shown in FIG. 9, it is assumed that the quantum key shared between the node D and the node E needs to be determined.
- all routing paths through node D and node E need to be determined first.
- all routing paths through node D and node E are L1, L2 and L3.
- the next hops of node E in routing paths L1, L2 and L3 can then be sorted, as shown in the second row to the fourth row of the second column of FIG.
- the next hops of node E in routing paths L1, L2 and L3 are node G, node G and node H respectively. The multiple routing paths whose next hop after node E is node G are sorted by routing path number, as shown in the second row to the third row of the third column of FIG. 9. Only one routing path has node H as the next hop after node E, and it is placed in the fourth row of the third column of FIG. Then, following the resulting order of routing paths L1, L2 and L3, the second quantum key corresponding to node D is allocated to each routing path.
- FIG. 10 shows an example of node E in FIG. 2 applying embodiment a3-1 to generate the first correspondence corresponding to node E. As shown in FIG. 10, all routing paths passing through node E are L1, L2, L3 and L6. First, the previous-hop nodes of node E in the four routing paths are sorted; as shown in FIG. 10, node E has two previous-hop nodes, node D and node R. The sorting is shown in the second column of FIG. 10.
- next, for the three routing paths in which the previous-hop node of node E is node D, the next-hop nodes of node E are sorted. As shown in FIG. 10, when the previous-hop node of node E is node D, the next-hop nodes of node E are node G and node H, and the ordering is as shown in the second row to the fourth row in the third column of FIG.
- for the one routing path in which the previous-hop node of node E is node R, the next-hop node of node E is sorted in the same way. As shown in FIG. 10, when the previous-hop node of node E is node R, the next-hop node of node E is node H, and the ordering is as shown in the fifth row in the third column of FIG.
- in FIG. 10 there are two routing paths through node D, node E and node G, namely L1 and L2.
- rows 2 to 3 of the fourth column are ordered by the global ordering relationship of the numbers of L1 and L2.
- node E has now sorted all the routing paths that pass through node E, and then assigns to each routing path, according to the ordering relationship, the first quantum key corresponding to node E for that routing path.
- the second to third columns of FIG. 9 are identical to the contents of the second to fourth rows of the third to fourth columns of FIG. 10. That is, the rule by which node D determines the second quantum key between node D and node E is the same as the rule by which node E determines the first quantum key between node E and node D. It can therefore be guaranteed that the second quantum key corresponding to the i-th node in the routing path is the same as the first quantum key corresponding to the (i+1)-th node in the target routing path.
- the i-th node determines the ordering of the plurality of routing paths passing through the i-th node and the (i+1)-th node in the target routing path according to the ordering relationship between the numbers of those routing paths, and determines the second quantum key corresponding to the i-th node of the target routing path sequentially according to that ordering.
- FIG. 11 shows an example of node D in FIG. 2 applying embodiment b3-2 to generate the second quantum key corresponding to node D of routing path L2.
- to determine the second quantum key corresponding to node D of L2, it may first be determined that the routing paths passing through node D and node E are L1, L2 and L3. The routing paths L1, L2 and L3 can then be sorted by routing path number; the sorting result is shown in the second row to the fourth row of FIG. 11. Then, according to the sorting of routing paths L1, L2, L3 and L4, a corresponding first quantum key is assigned to each routing path in turn.
- embodiment b3-2 first filters out the routing paths passing through the i-th node and the (i+1)-th node in the target routing path and then sorts them directly by routing path number, whereas embodiment b3-1 above first sorts by the next-hop node of node E in those routing paths and then sorts by routing path number.
- FIG. 6 to FIG. 11 merely illustrate an exemplary implementation manner.
- the ordering relationship between the numbers of the plurality of i+1th nodes in the plurality of routing paths of the i-node, and the number of the i-th nodes in the plurality of routing paths passing through the i-th node The sorting relationship between the sorting relationship and the numbering of the plurality of routing paths through the i-th node determines the sorting of the plurality of routing paths through the i-th node, and sequentially determines the i-th of the target routing path
- the i-th node determines the ordering of the plurality of routing paths passing through the i-th node and the (i-1)-th node in the target routing path according to the ordering relationship between the numbers of the i-th nodes in those routing paths and the ordering relationship between the numbers of those routing paths, and determines the first quantum key corresponding to the i-th node of the target routing path sequentially according to that ordering.
- the first correspondence and/or the second correspondence may be calculated by each node, and the implementation may be based on a distributed information method; that is, the service requests of the entire network need not be collected centrally. Instead, the routing path of each service request is obtained by using a classical routing method, and each routing path is then stored in each node through which that routing path passes.
- Each node can calculate the first correspondence and/or the second correspondence according to its own internal topology information of all routing paths.
- any one of the above-described embodiment a1, the embodiment a2, and the embodiment a3 may be used in combination with any one of the embodiment b1, the embodiment b2, and the embodiment b3.
- the above may be employed.
- the first quantum key corresponding to the i-th node of the routing path in the first correspondence is delivered by the centralized controller, and the second quantum key corresponding to the i-th node of the routing path in the second correspondence may be calculated by the i-th node as shown in embodiment b3 above.
- the first quantum key corresponding to the i-th node of the routing path in the first correspondence may be sent by the (i-1)-th node as shown in embodiment a2 above, and the second quantum key corresponding to the i-th node of the routing path in the second correspondence may be calculated by the i-th node as shown in embodiment b3 above.
- the first quantum key corresponding to the i-th node of the routing path in the first correspondence may be calculated by the i-th node as in embodiment a3 above, and the second quantum key corresponding to the i-th node of the routing path in the second correspondence may be issued by the (i+1)-th node as shown in embodiment b2 above.
- the first quantum key corresponding to the i-th node of the routing path in the first correspondence may be calculated by the i-th node as in embodiment a3 above, and the second quantum key corresponding to the i-th node of the routing path in the second correspondence may be calculated by the i-th node as shown in embodiment b3 above.
- the i-th node may also use any one of embodiments a3-1 to a3-3 to determine the first quantum key corresponding to the i-th node of the routing path, or any one of embodiments b3-1 to b3-2 to determine the second quantum key corresponding to the i-th node of the routing path; the choice is flexible.
- embodiments a3-1 and b3-1 may be used in combination.
- embodiment a3-2 and embodiment b3-2 are used in combination, and embodiment a3-3 and embodiment b3-2 may be used in combination.
- the table shown in FIG. 6 in the embodiment of the present application may be used cyclically.
- the routing paths through node B and node D are L1, L2, L3 and L4, and their order is L1, L2, L3, L4.
- the first quantum key pushed from the QKD system connected to node B and node D can be assigned to routing path L1, and the identifier of the first quantum key can be represented by K_DB(L1) in FIG
- each routing path may be assigned a quantum key, or different numbers of quantum keys may be set for different routing paths based on a weight or a preset rule; for example, three quantum keys can be allocated to one routing path in one quantum key allocation period.
- FIG. 12 exemplarily shows a schematic structural diagram of a local area network division in quantum communication provided by an embodiment of the present application.
- a quantum communication network can be divided into a plurality of local area networks, such as the local area network 1201 and the local area network 1202 shown in FIG. 12. One or more gateway nodes may be set in each local area network; the figure shows only an example in which a gateway node is set in a local area network.
- node M1 may first send data to gateway node S1 in local area network 1201; gateway node S1 of local area network 1201 then transmits the data to gateway node S2 of local area network 1202, and gateway node S2 forwards it to node M6 in local area network 1202. That is, when nodes in different local area networks communicate, the source node can send data to the gateway node in its own local area network, which transmits it to the gateway node in the local area network where the destination node is located, and that gateway node transmits it to the destination node. In this case, planning of the routing path for a service request inside each local area network can be assisted by the gateway node of that local area network, thereby reducing the pressure on the centralized controller.
- the embodiment of the present application provides a quantum communication method, and the specific operation process is as follows:
- one or more nodes initiate an encrypted service request, and the encrypted service request may include an encrypted service request corresponding to the newly added service, and may also include canceling the encrypted service request corresponding to the existing service.
- the node-initiated encrypted service request may be sent to the centralized controller or to the gateway node in the local area network where the node is located. Alternatively, a centralized control end may be set up, and the encrypted service request initiated by the node may be sent to the centralized control end.
- the centralized controller may plan a routing path corresponding to each encrypted service request.
- the routing path is planned by the centralized controller to optimize the routing path from a global perspective.
- the centralized controller in the embodiment of the present application may also be replaced by a centralized control terminal, or other devices having the functions of the centralized controller in the embodiment of the present application.
- the gateway node may plan a routing path inside the local area network where the gateway node is located.
- the centralized controller may plan the routing paths between the gateway nodes of different local area networks; this embodiment can relieve the pressure on the centralized controller.
- after the routing path is delivered, it can be delivered to each of the nodes included in the target routing path.
- multiple parallel routing paths can be used to increase the final total key acquisition rate, or to increase its weight on a certain routing path.
- each node determines the first corresponding relationship and the second corresponding relationship according to the information of the newly issued routing path.
- the specific manner may be the manner in the foregoing embodiment a1 to embodiment b2, and is not repeated here.
- the historical first correspondence and second correspondence may be updated with the newly acquired first correspondence and second correspondence.
- the destination node can reasonably process various types of information received during the time period.
- the node calculates a third quantum key corresponding to the node of each routing path of the node according to the updated first correspondence relationship and the second correspondence relationship.
- the first quantum key and the second quantum key corresponding to the node of each routing path of the node are deleted within a preset duration after the result is calculated.
- the preset duration can be set to a smaller value, such as 1 minute or 30 seconds, which can improve the security of quantum key distribution.
- the node may disclose a third quantum key corresponding to the node of each routing path of the node, and related information of each routing path passing through the node.
- a node can disclose this information in several ways: it can report it only to a centralized control node; it can disclose it internally, that is, among a group within the quantum network; it can disclose it to a third party, such as a third-party supervisory organization; or it can publish it on the open web, because this part of the information does not affect security. Overall, however, different information can be exposed to different domains. Because this public information helps in analyzing the network situation when used properly, authentication needs to be added when the information is published, to ensure that the information was sent by the node. In addition, the published information can be uploaded to a blockchain to further prevent tampering.
- the source node may send the second ciphertext corresponding to the source node after receiving what each of the nodes of the routing path has disclosed: the third quantum key corresponding to that node for each routing path passing through it, and the related information of each routing path passing through it.
- the destination node, after receiving what each of the nodes of the routing path has disclosed (the third quantum key corresponding to that node for each routing path passing through it, and the related information of each routing path passing through it), may parse the quantum key to be shared between the source node and the destination node from the second ciphertext corresponding to the source node.
- the quantum key to be shared may be stored in a service key pool, where the service key pool belongs to a secure storage space.
- FIG. 13 is a schematic structural diagram of a quantum key distribution apparatus provided by the present application.
- the quantum key distribution apparatus 1301 includes a processor 1303, a transceiver 1302, a memory 1305, and a communication interface 1304.
- the processor 1303, the transceiver 1302, the memory 1305, and the communication interface 1304 are connected to each other through a bus.
- the quantum key distribution device 1301 in this example may be the i-th node in one of the foregoing routing paths, and those skilled in the art will know that the quantum key distribution device 1301 may also be a source node, a destination node or another node in other routing paths, and implements the scheme of the embodiments of the present application for whichever node the quantum key distribution device 1301 is defined as.
- the memory 1305 may include a volatile memory such as a random-access memory (RAM); the memory may also include a non-volatile memory such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 1305 may also include a combination of the above types of memories.
- the communication interface 1304 can be a wired communication access port, a wireless communication interface, or a combination thereof, wherein the wired communication interface can be, for example, an Ethernet interface.
- the Ethernet interface can be an optical interface, an electrical interface, or a combination thereof.
- the wireless communication interface can be a WLAN interface.
- the processor 1303 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.
- the processor 1303 may further include a hardware chip.
- the hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.
- the PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
- the memory 1305 can also be used to store program instructions, and the processor 1303 calls the program instructions stored in the memory 1305, and can perform one or more steps in the embodiment shown in the above scheme, or an optional implementation thereof.
- the quantum key distribution device 1301 implements the function of the i-th node in the above method.
- the quantum key distribution device is the i-th node in a routing path of the quantum communication system.
- a processor 1303 in the quantum key distribution device configured to determine, according to the first correspondence, a first quantum key corresponding to an i th node of the target routing path, and determine an i th target of the target routing path according to the second correspondence
- the second quantum key corresponding to the node generates the ith of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path.
- the first correspondence relationship includes N first quantum keys corresponding to the i th node through the N routing paths of the i th node
- the N routing paths correspond to the N first quantum keys corresponding to the i-th node
- the target routing path is one of the N routing paths
- N is a positive integer
- i is a positive integer
- Target routing The second quantum key corresponding to the i-th node of the path is a quantum key shared between the i-th node acquired by the i-th node and the i+1th node in the target routing path, and the second correspondence includes The correspondence between the N routing paths of the i-th node
- the first ciphertext received by the i-th node from the i-1th node in the target routing path is the second ciphertext corresponding to the i-1th node sent by the i-1th node;
- the value is 1, the 0th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is the source node of the second quantum key pair target routing path corresponding to the source node of the target routing path.
- the quantum key to be shared with the target node of the target routing path is encrypted.
- the second quantum key corresponding to the i-1th node in the target routing path is the same as the first quantum key corresponding to the i th node of the target routing path; and the i th node corresponding to the target routing path corresponds to The second quantum key is the same as the first quantum key corresponding to the i+1th node of the target routing path.
- N is an integer greater than 1
- for a first routing path and a second routing path among the N routing paths through the i-th node, the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path, and the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path.
- the transceiver 1302 is further configured to receive, by the ith node of the centralized controller or the target routing path, an ith information indicating a target routing path in the first correspondence.
- the node corresponds to the indication information of the first quantum key of the target routing path; or the processor 1303 is further configured to determine the target routing path in the first correspondence according to the acquired network topology information of the quantum communication system and the first preset rule.
- the i-th node corresponds to the first quantum key of the target routing path.
- the transceiver 1302 is configured to receive, from the centralized controller or the (i+1)-th node of the target routing path, indication information indicating the second quantum key corresponding to the i-th node of the target routing path in the second correspondence; or the processor 1303 is configured to determine the second quantum key corresponding to the i-th node of the target routing path in the second correspondence according to the acquired network topology information of the quantum communication system and the second preset rule.
- FIG. 14 exemplarily shows a schematic structural diagram of a quantum key distribution apparatus according to an embodiment of the present application.
- the quantum key distribution apparatus 1401 includes a transceiver unit 1402 and a processing unit 1403.
- the quantum key distribution device 1401 in this example may be the i-th node in one of the foregoing routing paths.
- the quantum key distribution device 1401 may also be a source node in other routing paths.
- the processing unit 1403 is configured to determine, according to the first correspondence, a first quantum key corresponding to the i-th node of the target routing path, determine, according to the second correspondence, a second quantum key corresponding to the i-th node of the target routing path, and generate, according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path, a third quantum key corresponding to the i-th node of the target routing path;
- the i th node is the i th node in the target routing path;
- the first quantum key corresponding to the i th node of the target routing path is the i th node and the target routing path acquired by the i th node
- the quantum key shared between the i-1th nodes, the first correspondence relationship includes the correspondence between the N routing paths of the i-th node and the N first quantum keys corresponding to the i-th node, and N routes
- the path is in one-to-one correspondence with the N first quantum keys corresponding to the i-th node, and the target routing path is one of the N routing paths, N is a positive integer, i is a positive integer; the i-th of the target routing path Node correspondence
- the first ciphertext received by the i-th node from the i-1th node in the target routing path is the second ciphertext corresponding to the i-1th node sent by the i-1th node;
- the value is 1, the 0th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is the source node of the second quantum key pair target routing path corresponding to the source node of the target routing path.
- the quantum key to be shared with the target node of the target routing path is encrypted.
- the second quantum key corresponding to the i-1th node in the target routing path is the same as the first quantum key corresponding to the i th node of the target routing path; and the i th node corresponding to the target routing path corresponds to The second quantum key is the same as the first quantum key corresponding to the i+1th node of the target routing path.
- the transceiver unit 1402 can be implemented by the transceiver 1302 of FIG. 13 above, and the processing unit 1403 can be implemented by the processor 1303 of FIG. 13 described above. That is, the transceiver unit 1402 in the embodiment of the present application may perform the solution executed by the transceiver 1302 of FIG. 13 , and the processing unit 1403 in the embodiment of the present application may execute the solution executed by the processor 1303 of FIG. 13 , and the rest of the content.
- the memory 1305 included in the quantum key distribution device 1301 can be used to store the code that the processor 1303 included in the quantum key distribution device 1301 runs when executing a scheme, and the code can be program/code pre-installed when the quantum key distribution device 1301 leaves the factory.
- a computer program product includes one or more instructions.
- the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
- the instructions may be stored on a computer storage medium or transferred from one computer storage medium to another computer storage medium; for example, instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.).
- the computer storage medium can be any available media that can be accessed by the computer or a data storage device such as a server, data center, or the like, including one or more available media.
- usable media can be magnetic media (e.g., floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical media (e.g., CD, DVD, BD, HVD, etc.), or semiconductor media (e.g., ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid state disk (SSD), etc.).
- embodiments of the present application can be provided as a method, system, or computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, embodiments of the present application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
- embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by instructions. These instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
- the instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
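The ordering rules of embodiments b3-1 and a3-1 walked through above for node D and node E (FIG. 9 and FIG. 10), as an added example that is not code from the patent. It assumes that a node's "number" is the alphabetical order of its name and that keys on a link are taken from the shared pool by slot index; only the hops D-E-G, D-E-H and R-E-H come from the page, and the remaining nodes in the paths are constructed placeholders.

```python
# Constructed routing paths, keyed by routing path number (L1 -> 1, ...).
PATHS = {
    1: ["A", "B", "D", "E", "G"],
    2: ["C", "B", "D", "E", "G"],
    3: ["A", "B", "D", "E", "H"],
    4: ["A", "B", "D", "F"],      # passes B and D but not E
    6: ["R", "E", "H"],
}


def hop_after(path, node):
    """Next hop of `node` on a loop-free path, or "" if node is the last hop."""
    i = path.index(node)
    return path[i + 1] if i + 1 < len(path) else ""


def hop_before(path, node):
    """Previous hop of `node` on a loop-free path, or "" if node is the first hop."""
    i = path.index(node)
    return path[i - 1] if i > 0 else ""


def upstream_assignment(paths, node, nxt, by_next_hop=True):
    """Second-key slots chosen by `node` for the link node -> nxt.

    by_next_hop=True  : b3-1, sort by the hop after `nxt`, then path number.
    by_next_hop=False : b3-2, sort by path number only.
    """
    crossing = [n for n, p in paths.items()
                if node in p and hop_after(p, node) == nxt]
    if by_next_hop:
        crossing.sort(key=lambda n: (hop_after(paths[n], nxt), n))
    else:
        crossing.sort()
    return {n: slot for slot, n in enumerate(crossing)}


def downstream_assignment(paths, node):
    """First-key slots chosen by `node` (a3-1): sort every path through the
    node by previous hop, then next hop, then path number, and number the
    slots separately for each previous-hop link."""
    through = [n for n, p in paths.items() if node in p and hop_before(p, node)]
    through.sort(key=lambda n: (hop_before(paths[n], node),
                                hop_after(paths[n], node), n))
    per_link = {}
    for n in through:
        slots = per_link.setdefault(hop_before(paths[n], node), {})
        slots[n] = len(slots)
    return per_link


def link_agrees(paths, up, down, by_next_hop=True):
    """True when both ends of the link up -> down pick the same key slot
    for every routing path, without exchanging any message."""
    return (upstream_assignment(paths, up, down, by_next_hop)
            == downstream_assignment(paths, down).get(up, {}))


if __name__ == "__main__":
    print("D's second-key slots on D-E:", upstream_assignment(PATHS, "D", "E"))
    print("E's first-key slots by link:", downstream_assignment(PATHS, "E"))
    print("D and E agree:", link_agrees(PATHS, "D", "E"))
```

Both ends must apply matching rules: on a constructed path set where the lowest-numbered path leaves node E toward H, path-number-only ordering upstream no longer matches the a3-1 ordering downstream.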
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Electromagnetism (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Condensed Matter Physics & Semiconductors (AREA)
- Evolutionary Computation (AREA)
- Data Mining & Analysis (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Computational Mathematics (AREA)
- Artificial Intelligence (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiments of the present application provide a quantum key distribution method, a device, and a storage medium, being used for solving the problem in the prior art that the security of quantum key distribution between nodes is poor. In the embodiments of the present application, an ith node generates a third quantum key corresponding to the ith node of a target routing path according to a determined first quantum key corresponding to the ith node of the target routing path and a determined second quantum key corresponding to the ith node of the target routing path, and sends, to a target node of the target routing path, the third quantum key corresponding to the ith node of the target routing path, or encrypts received first ciphertext using the third quantum key corresponding to the ith node of the target routing path, and sends, to an (i+1)th node in the target routing path, obtained second ciphertext corresponding to the ith node. It can be determined that the ith node does not decrypt the received first ciphertext, thereby improving the security of quantum key distribution.
Description
The present application claims priority to Chinese Patent Application No. 201810332715.5, entitled "A Quantum Key Distribution Method, Device, and Storage Medium", filed with the Chinese Patent Office on April 13, 2018, the entire contents of which are incorporated herein by reference.
The present application relates to the field of quantum communications, and in particular, to a quantum key distribution method, device, and storage medium.
With the advancement of science and technology and the acceleration of informatization, communication has become more frequent, and people's requirements for communication security are increasingly high. Quantum secure communication is the product of combining quantum properties with traditional cryptography; it uses the basic principles and properties of quantum mechanics to ensure the security of communication. After more than thirty years of development, quantum secure communication is now moving toward practical market use.
The quantum secure communication technology closest to practical use at this stage is quantum key distribution (QKD), whose function is the unconditionally secure distribution of symmetric keys on the premise that some secure keys are already shared. FIG. 1 is a schematic diagram of a prior-art quantum key distribution method. As shown in FIG. 1, the routing path includes source node A1, relay node A2, relay node A3 and destination node A4. K1 is the quantum key to be shared between source node A1 and destination node A4, and needs to be transmitted from source node A1 to destination node A4. In the prior art, source node A1 encrypts K1 with K_A1A2 to obtain K2 and transmits K2 to relay node A2, where K_A1A2 is a private key shared by source node A1 and relay node A2. Relay node A2 decrypts K2 with K_A1A2, then encrypts K1 with K_A2A3 to obtain K3 and transmits K3 to relay node A3, where K_A2A3 is a private key shared by relay node A2 and relay node A3. Relay node A3 decrypts K3 with K_A2A3, then encrypts K1 with K_A3A4 to obtain K4 and transmits K4 to destination node A4, where K_A3A4 is a private key shared by relay node A3 and destination node A4. Destination node A4 decrypts K4 with K_A3A4 to obtain K1.
In the scheme shown in FIG. 1, the quantum key K1 to be shared between the source node A1 and the destination node A4 is decrypted at every intermediate node, so its security is poor.
Summary of the invention
The embodiments of the present application provide a quantum key distribution method, device, and storage medium, which can solve the prior-art problem of poor security when quantum keys are distributed between nodes.
In a first aspect, an embodiment of the present application provides a quantum key distribution method, the method including:
The i-th node determines, according to a first correspondence, the first quantum key corresponding to the i-th node of a target routing path, where the i-th node is the i-th node in the target routing path; the first quantum key corresponding to the i-th node of the target routing path is the quantum key, obtained by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path; the first correspondence includes the correspondence between the N routing paths passing through the i-th node and the N first quantum keys corresponding to the i-th node, the N routing paths and the N first quantum keys corresponding to the i-th node being in one-to-one correspondence; the target routing path is one of the N routing paths; N is a positive integer and i is a positive integer;
The i-th node determines, according to a second correspondence, the second quantum key corresponding to the i-th node of the target routing path, where the second quantum key corresponding to the i-th node of the target routing path is the quantum key, obtained by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path; the second correspondence includes the correspondence between the N routing paths passing through the i-th node and the N second quantum keys corresponding to the i-th node, the N routing paths and the N second quantum keys corresponding to the i-th node being in one-to-one correspondence;
The i-th node generates the third quantum key corresponding to the i-th node of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path;
The i-th node sends the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path; or, the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, and sends the resulting second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path, where the first ciphertext received by the i-th node from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node that the (i-1)-th node sent; when i is 1, the 0-th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path;
where the second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path, and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
In the embodiments of the present application, the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path, and the second ciphertext corresponding to the (i-1)-th node that the (i-1)-th node sends is the first ciphertext that the i-th node receives from the (i-1)-th node in the target routing path. The i-th node sends the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path; or, the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, and sends the resulting second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path. It can be seen that the i-th node does not decrypt the received first ciphertext; that is, the quantum key to be shared between the source node and the target node of the target routing path never appears in plaintext at the node, which improves the security of quantum key distribution.
In a possible implementation, if N is an integer greater than 1, then for a first routing path and a second routing path among the N routing paths passing through the i-th node: the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path; and the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path. In this way, the node allocates a corresponding quantum key to each routing path, thereby achieving a one-time pad, which can further improve the security of quantum key distribution.
In a possible implementation, before the i-th node determines, according to the first correspondence, the first quantum key corresponding to the i-th node of the target routing path, the method further includes: the i-th node receives indication information, sent by a centralized controller or by the (i-1)-th node in the target routing path, that indicates the first quantum key which, in the first correspondence, corresponds to the i-th node of the target routing path; or, the i-th node determines the first quantum key which, in the first correspondence, corresponds to the i-th node of the target routing path according to obtained network topology information of the quantum communication system and a first preset rule. The first quantum key corresponding to a node of a routing path can thus be determined in several ways, which improves the flexibility of the scheme.
In a possible implementation, the i-th node determining the first quantum key which, in the first correspondence, corresponds to the i-th node of the target routing path according to the obtained network topology information of the quantum communication system and the first preset rule includes: the i-th node determines the ordering of the N routing paths passing through the i-th node according to the ordering relationship between the numbers of the N (i-1)-th nodes in the N routing paths passing through the i-th node, the ordering relationship between the numbers of the N (i+1)-th nodes in the N routing paths passing through the i-th node, and the ordering relationship between the numbers of the N routing paths passing through the i-th node, and determines in sequence the first quantum key corresponding to the i-th node of the target routing path; or, the i-th node determines the ordering of the N routing paths passing through the i-th node according to the ordering relationship between the numbers of the N (i+1)-th nodes in the N routing paths passing through the i-th node and the ordering relationship between the numbers of the N routing paths passing through the i-th node, and determines in sequence the first quantum key corresponding to the i-th node of the target routing path; or, the i-th node determines the ordering of the N routing paths passing through the i-th node according to the ordering relationship between the numbers of the N routing paths passing through the i-th node, and determines in sequence the first quantum key corresponding to the i-th node of the target routing path. The routing paths passing through the i-th node can thus be ordered in several ways, and the first quantum key corresponding to the i-th node of the target routing path is then determined in sequence from that ordering, which makes determining the first quantum key corresponding to the i-th node of a routing path more convenient and flexible.
In a possible implementation, before the i-th node determines, according to the second correspondence, the second quantum key corresponding to the i-th node of the target routing path, the method further includes: the i-th node receives indication information, sent by the centralized controller or by the (i+1)-th node of the target routing path, that indicates the second quantum key which, in the second correspondence, corresponds to the i-th node of the target routing path; or, the i-th node determines the second quantum key which, in the second correspondence, corresponds to the i-th node of the target routing path according to the obtained network topology information of the quantum communication system and a second preset rule. The second quantum key corresponding to a node of a routing path can thus be determined in several ways, which improves the flexibility of the scheme.
In a possible implementation, the i-th node determines the ordering of the W routing paths passing through both the i-th node and the (i+1)-th node in the target routing path according to the ordering relationship between the numbers of those W routing paths, and determines in sequence the second quantum key corresponding to the i-th node of the target routing path, W being a positive integer not greater than N; or, the i-th node determines the ordering of the W routing paths passing through both the i-th node and the (i+1)-th node in the target routing path according to the ordering relationship between the numbers of the W (i+2)-th nodes in those W routing paths and the ordering relationship between the numbers of those W routing paths, and determines in sequence the second quantum key corresponding to the i-th node of the target routing path. The routing paths passing through the i-th node can thus be ordered in several ways, and the second quantum key corresponding to the i-th node of the target routing path is then determined in sequence from that ordering, which makes determining the second quantum key corresponding to the i-th node of a routing path more convenient and flexible.
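The ordering rules above let both ends of a link select the same per-path key from topology information alone. The following added example (not code from the patent) applies the first ordering option for the first correspondence and the second ordering option for the second correspondence to the six routing paths that the description gives for FIG. 2. Treating node letters as node numbers, the sort precedence, and handing out fixed-size blocks of a per-link key pool in rank order are assumptions.

```python
from collections import defaultdict

# Routing paths L1..L6 of FIG. 2 (path number -> node sequence).
PATHS = {
    1: ["B", "D", "E", "G", "P"],
    2: ["B", "D", "E", "G", "Q"],
    3: ["B", "D", "E", "H"],
    4: ["C", "D", "F"],
    5: ["B", "D", "F"],
    6: ["R", "E", "H"],
}

def _around(path, node):
    """Return (previous, next, next-but-one) node names, '' where absent."""
    i = path.index(node)
    get = lambda j: path[j] if 0 <= j < len(path) else ""
    return get(i - 1), get(i + 1), get(i + 2)

def _rank(rows):
    """Sort rows (neighbour, tie-break, path no) and number them per neighbour."""
    used, table = defaultdict(int), {}
    for neighbour, _, no in sorted(rows):
        table[no] = (neighbour, used[neighbour])
        used[neighbour] += 1
    return table

def first_correspondence(node, paths=PATHS):
    """path number -> (previous node, block index in the pool shared with it).
    Order: number of node i-1, then number of node i+1, then path number."""
    rows = []
    for no, p in paths.items():
        if node in p:
            prev, nxt, _ = _around(p, node)
            if prev:                      # the source node has no first key
                rows.append((prev, nxt, no))
    return _rank(rows)

def second_correspondence(node, paths=PATHS):
    """path number -> (next node, block index in the pool shared with it).
    Per next hop, order: number of node i+2, then path number."""
    rows = []
    for no, p in paths.items():
        if node in p:
            _, nxt, nxt2 = _around(p, node)
            if nxt:                       # the target node has no second key
                rows.append((nxt, nxt2, no))
    return _rank(rows)

def mismatches(paths=PATHS):
    """Hops where the two ends pick different blocks or a block is reused."""
    nodes = {n for p in paths.values() for n in p}
    first = {n: first_correspondence(n, paths) for n in nodes}
    second = {n: second_correspondence(n, paths) for n in nodes}
    bad, taken = [], set()
    for no, p in paths.items():
        for a, b in zip(p, p[1:]):
            down, up = second[a][no][1], first[b][no][1]
            if down != up or (a, b, down) in taken:
                bad.append((no, a, b))
            taken.add((a, b, down))
    return bad

def key_block(pool: bytes, index: int, size: int = 32) -> bytes:
    """Cut the index-th block out of a link's shared key pool (assumed layout)."""
    block = pool[index * size:(index + 1) * size]
    if len(block) < size:
        raise ValueError("link key pool exhausted")
    return block

if __name__ == "__main__":
    print("node D, first correspondence :", first_correspondence("D"))
    print("node D, second correspondence:", second_correspondence("D"))
    print("hops that disagree or reuse a block:", mismatches())
```

Because each path through a link gets its own block index at both ends, no two routing paths consume the same key material, which is the one-time-pad property the summary relies on.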
In a possible implementation, the first algorithm, by which the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, satisfies formula (1) in the subsequent specific embodiments. In this way, the destination node can obtain the quantum key to be shared after performing a decryption operation on the first ciphertext it receives. For the detailed analysis, refer to the description in the subsequent specific embodiments; it is not repeated here.
In a second aspect, an embodiment of the present application provides a quantum key distribution device that includes a memory, a transceiver, and a processor, where the memory is configured to store instructions, and the processor is configured to execute the instructions stored in the memory and to control the transceiver to receive and send signals. When the processor executes the instructions stored in the memory, the quantum key distribution device is configured to perform the method of the first aspect or of any implementation of the first aspect.
In a third aspect, an embodiment of the present application provides a quantum key distribution device for implementing the method of the first aspect or of any implementation of the first aspect, including corresponding functional modules that respectively implement the steps of the above method. The functions may be implemented in hardware, or in hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions.
In a possible design, the structure of the quantum key distribution device includes a processing unit and a transceiver unit, which can perform the corresponding functions in the above method examples. For details, refer to the detailed description in the method examples; they are not repeated here.
In a fourth aspect, an embodiment of the present application provides a computer storage medium storing instructions which, when run on a computer, cause the computer to perform the method of the first aspect or of any possible implementation of the first aspect.
In a fifth aspect, an embodiment of the present application provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the method of the first aspect or of any possible implementation of the first aspect.
FIG. 1 is a schematic diagram of a prior-art quantum key distribution method;
FIG. 2 is a schematic architecture diagram of a quantum communication system according to an embodiment of the present application;
FIG. 3 is a schematic flowchart of a quantum key distribution method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a quantum key distribution method for the routing path L2 of FIG. 2 according to an embodiment of the present application;
FIG. 5 is a schematic diagram of another quantum key distribution method for the routing path L2 of FIG. 2 according to an embodiment of the present application;
FIG. 6 is a schematic diagram of node D in FIG. 2 applying implementation a3-1 to generate the first correspondence corresponding to node D, in an embodiment of the present application;
FIG. 7 is a schematic diagram of node D in FIG. 2 applying implementation a3-2 to generate the first quantum key corresponding to node D of the routing path L2, in an embodiment of the present application;
FIG. 8 is a schematic diagram of node D in FIG. 2 applying implementation a3-3 to generate the first quantum key corresponding to node D of the routing path L2, in an embodiment of the present application;
FIG. 9 is a schematic diagram of node D in FIG. 2 applying implementation b3-1 to generate the second correspondence corresponding to node D, in an embodiment of the present application;
FIG. 10 is a schematic diagram of node E in FIG. 2 applying implementation a3-1 to generate the first correspondence corresponding to node E, in an embodiment of the present application;
FIG. 11 is a schematic diagram of node D in FIG. 2 applying implementation b3-2 to generate the second quantum key corresponding to node D of the routing path L2, in an embodiment of the present application;
FIG. 12 is a schematic structural diagram of local area network division in quantum communication according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a quantum key distribution device according to an embodiment of the present application;
FIG. 14 is a schematic structural diagram of another quantum key distribution device according to an embodiment of the present application.
FIG. 2 shows an example architecture of a quantum communication system according to an embodiment of the present application. As shown in FIG. 2, the quantum communication system includes multiple nodes, such as node B, node C, node D, node E, node F, node G, node H, node P, node Q, and node R. Multiple routing paths can be formed among the nodes, and the nodes of a routing path other than its source node and destination node may be called relay nodes. A node may be the source node of one routing path and a relay node or destination node of another. FIG. 2 shows several example routing paths:
Routing path L1: "source node B - relay node D - relay node E - relay node G - destination node P";
Routing path L2: "source node B - relay node D - relay node E - relay node G - destination node Q";
Routing path L3: "source node B - relay node D - relay node E - destination node H";
Routing path L4: "source node C - relay node D - destination node F";
Routing path L5: "source node B - relay node D - destination node F";
Routing path L6: "source node R - relay node E - destination node H".
Based on the quantum communication architecture shown in FIG. 2, an embodiment of the present application provides a quantum key distribution method. FIG. 3 shows an example flowchart of the quantum key distribution method. As shown in FIG. 3, the method provided by the embodiment of the present application includes:
Step 301: the i-th node determines, according to the first correspondence, the first quantum key corresponding to the i-th node of the target routing path. In an optional implementation, the i-th node is the i-th relay node of the target routing path.
Here, the i-th node is the i-th node in the target routing path; the first quantum key corresponding to the i-th node of the target routing path is the quantum key, obtained by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path; the first correspondence includes the correspondence between the N routing paths passing through the i-th node and the N first quantum keys corresponding to the i-th node, the N routing paths and the N first quantum keys corresponding to the i-th node being in one-to-one correspondence; N is a positive integer and i is a positive integer. The target routing path is any one of the N routing paths. The term "target routing path" in the embodiments of the present application is used only for convenience of description and has no other limiting meaning.
Step 302: the i-th node determines, according to the second correspondence, the second quantum key corresponding to the i-th node of the target routing path.
The second quantum key corresponding to the i-th node of the target routing path is the quantum key, obtained by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path; the second correspondence includes the correspondence between the N routing paths passing through the i-th node and the N second quantum keys corresponding to the i-th node, the N routing paths and the N second quantum keys corresponding to the i-th node being in one-to-one correspondence.
Step 303: the i-th node generates the third quantum key corresponding to the i-th node of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path. After step 303, the embodiments of the present application provide two optional implementations: in one, step 304 is performed after step 303; in the other, step 305 is performed after step 303. Whether step 304 or step 305 is performed after step 303 can be chosen freely by a person skilled in the art according to the actual application scenario.
Step 304: the i-th node sends the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path.
Step 305: the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, and sends the resulting second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path.
Here, the first ciphertext received by the i-th node from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node that the (i-1)-th node sent; when i is 1, the 0-th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path.
The second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path, and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
In the embodiments of the present application, the algorithm by which the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path may be called the first algorithm. The algorithm used to generate the third quantum key corresponding to the i-th node of the target routing path from the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path may be called the second algorithm.
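The following added example (not code from the patent) contrasts the FIG. 1 relay behaviour with steps 301-303 and 305 on routing path L2 of FIG. 2. XOR is assumed for the first, second and third algorithms, since formula (1) is not reproduced in this part of the description; the Node class, the key length and the helper names are likewise assumptions.

```python
import secrets

KEY_LEN = 32  # bytes per key; constructed value for this demo

def xor(a: bytes, b: bytes) -> bytes:
    """One-time-pad XOR; operands must have the same length."""
    if len(a) != len(b):
        raise ValueError("key and data length differ")
    return bytes(x ^ y for x, y in zip(a, b))

class Node:
    def __init__(self, name):
        self.name = name
        self.first = {}    # first correspondence: path id -> key shared with node i-1
        self.second = {}   # second correspondence: path id -> key shared with node i+1
        self.handled = []  # every value this node received or computed (audit trail)

def provision(path_id, names):
    """Stand-in for the QKD links: one fresh key per link, dedicated to path_id."""
    nodes = [Node(n) for n in names]
    for prev, nxt in zip(nodes, nodes[1:]):
        key = secrets.token_bytes(KEY_LEN)
        prev.second[path_id] = key   # second key of node i-1 ...
        nxt.first[path_id] = key     # ... is the first key of node i
    return nodes

def prior_art(nodes, path_id, secret):
    """FIG. 1: every relay decrypts, then re-encrypts for the next hop."""
    src, *relays, dst = nodes
    ct = xor(secret, src.second[path_id])
    for r in relays:
        plain = xor(ct, r.first[path_id])   # the key to be shared lands on the relay
        r.handled += [ct, plain]
        ct = xor(plain, r.second[path_id])
    return xor(ct, dst.first[path_id])

def third_key_relay(nodes, path_id, secret):
    """Steps 301-303 and 305: relays encrypt again with K3 and never decrypt."""
    src, *relays, dst = nodes
    ct = xor(secret, src.second[path_id])   # source node's second ciphertext
    for r in relays:
        k1 = r.first[path_id]               # step 301
        k2 = r.second[path_id]              # step 302
        k3 = xor(k1, k2)                    # step 303, assumed second algorithm
        out = xor(ct, k3)                   # step 305, assumed first algorithm
        r.handled += [ct, k3, out]
        ct = out
    return xor(ct, dst.first[path_id])      # target node removes the last link key

def run_l2():
    """Run both schemes over routing path L2 and report what each relay handled."""
    path = ["B", "D", "E", "G", "Q"]        # routing path L2 from FIG. 2
    secret = secrets.token_bytes(KEY_LEN)   # constructed K_BQ(L2)
    old = provision("L2", path)
    new = provision("L2", path)
    return {
        "secret": secret,
        "old_out": prior_art(old, "L2", secret),
        "new_out": third_key_relay(new, "L2", secret),
        "old_relays_saw_secret": [secret in n.handled for n in old[1:-1]],
        "new_relays_saw_secret": [secret in n.handled for n in new[1:-1]],
    }

if __name__ == "__main__":
    r = run_l2()
    print("prior art, plaintext at D/E/G:      ", r["old_relays_saw_secret"])
    print("third-key relay, plaintext at D/E/G:", r["new_relays_saw_secret"])
    print("target node Q recovered the key:    ", r["new_out"] == r["secret"])
```

Under the XOR assumption each relay's outgoing ciphertext is the key to be shared padded with the next link's key only. The relay still holds its first quantum key, so the scheme keeps the plaintext key out of the relay's processing path rather than making it unrecoverable by that relay.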
The quantum key distribution method shown in FIG. 3 is described in detail below, taking the routing path L2 in FIG. 2 as the target routing path. FIG. 4 shows an example of a quantum key distribution method for the routing path L2 of FIG. 2; the scheme shown in FIG. 4 follows the implementation corresponding to step 305 above. As shown in FIG. 4, the quantum key to be shared between the source node B and the destination node Q is K_BQ(L2), and the source node B needs to transmit the quantum key K_BQ(L2) to be shared to the destination node Q. The specific process is as follows:
As shown in FIG. 4, on the source node side, the source node B obtains the quantum key K_BQ(L2) to be shared. The second quantum key corresponding to the source node B is the quantum key, determined by the source node B for the routing path L2, that is shared between the source node B and the relay node D; in FIG. 4, K_BD(L2) denotes the second quantum key corresponding to the source node B in the routing path L2.
The source node B uses its second quantum key K_BD(L2) to encrypt the quantum key K_BQ(L2) to be shared between the source node and the target node of the target routing path, obtaining the second ciphertext K_B(L2) corresponding to the source node B, and sends the second ciphertext K_B(L2) corresponding to the source node to the relay node D. The algorithm used to encrypt K_BQ(L2) with K_BD(L2) may be called the third algorithm; the third algorithm may be the same as the first algorithm described above, or a different algorithm may be used.
Correspondingly, relay node D receives the first ciphertext $K_B(L_2)$ from source node B. That is, the second ciphertext sent by source node B and the first ciphertext received by relay node D are the same ciphertext. In the embodiments of this application, the first ciphertext received by a relay node may also be called the first ciphertext corresponding to that relay node; for example, the first ciphertext $K_B(L_2)$ received by relay node D may also be called the first ciphertext $K_B(L_2)$ corresponding to relay node D. If the target routing path is routing path $L_2$ and node D is the i-th node on it, then node B is the (i-1)-th node, node E is the (i+1)-th node, node G is the (i+2)-th node, and so on. Relay node D generates its third quantum key $K_{BE}(L_2)$ on the target routing path from its first quantum key $K_{DB}(L_2)$ and its second quantum key $K_{DE}(L_2)$ on that path.
Further, relay node D uses the third quantum key $K_{BE}(L_2)$ to encrypt the received first ciphertext $K_B(L_2)$, obtaining the second ciphertext $K_D(L_2)$ corresponding to relay node D, and sends $K_D(L_2)$ to relay node E. The algorithm that encrypts the first ciphertext $K_B(L_2)$ with the third quantum key $K_{BE}(L_2)$ to produce the second ciphertext $K_D(L_2)$ may be the first algorithm.
Correspondingly, relay node E receives the first ciphertext $K_D(L_2)$ from relay node D. That is, the second ciphertext sent by relay node D and the first ciphertext received by relay node E are the same ciphertext. Relay node E generates its third quantum key $K_{DG}(L_2)$ on routing path $L_2$ from its first quantum key $K_{ED}(L_2)$ and its second quantum key $K_{EG}(L_2)$ on that path. Further, relay node E uses the third quantum key $K_{DG}(L_2)$ to encrypt the first ciphertext $K_D(L_2)$, obtaining the second ciphertext $K_E(L_2)$ corresponding to relay node E, and sends $K_E(L_2)$ to relay node G.
Correspondingly, relay node G receives the first ciphertext $K_E(L_2)$ from relay node E. That is, the second ciphertext sent by relay node E and the first ciphertext received by relay node G are the same ciphertext. Relay node G generates its third quantum key $K_{EQ}(L_2)$ on routing path $L_2$ from its first quantum key $K_{GE}(L_2)$ and its second quantum key $K_{GQ}(L_2)$ on that path. Further, relay node G uses the third quantum key $K_{EQ}(L_2)$ to encrypt the first ciphertext $K_E(L_2)$, obtaining the second ciphertext $K_G(L_2)$ corresponding to relay node G, and sends $K_G(L_2)$ to destination node Q.
Further, destination node Q receives the first ciphertext $K_G(L_2)$ from relay node G; $K_G(L_2)$ may be called the first ciphertext corresponding to destination node Q. Destination node Q uses its first quantum key $K_{QG}(L_2)$ on routing path $L_2$ to decrypt the first ciphertext $K_G(L_2)$, obtaining the quantum key to be shared, $K_{BQ}(L_2)$. The algorithm used for decryption may be called the fourth algorithm; it may be the same as the first algorithm described above, or it may be another algorithm.
For the process by which the destination node decrypts its first ciphertext with the first quantum key corresponding to the destination node on the target routing path, and thereby obtains the quantum key to be shared, see the description of formula (1) below.
FIG. 5 shows a schematic diagram of another quantum key distribution method for routing path $L_2$ of FIG. 2. The scheme shown in FIG. 4 performs the scheme corresponding to step 304 above. As shown in FIG. 5, the source node sends the generated $K_B(L_2)$ to destination node Q, either as a classical signal or over a quantum channel. Each relay node also sends the third quantum key it generated to destination node Q. For example, in FIG. 5, relay node D sends its third quantum key $K_{BE}(L_2)$ for routing path $L_2$ to destination node Q, relay node E sends its third quantum key $K_{DG}(L_2)$ for routing path $L_2$ to destination node Q, and relay node G sends its third quantum key $K_{EQ}(L_2)$ for routing path $L_2$ to destination node Q. Destination node Q encrypts $K_B(L_2)$ with $K_{BE}(L_2)$, encrypts the result with $K_{DG}(L_2)$, encrypts that result with $K_{EQ}(L_2)$, and then decrypts the result with $K_{QG}(L_2)$, obtaining the quantum key to be shared, $K_{BQ}(L_2)$. In this scheme each relay node sends its third quantum key to the destination node as soon as it has computed it, which shortens the operating time of each relay node and can further improve the efficiency of quantum key distribution.
The examples of FIG. 4 and FIG. 5 show the following. First, in the embodiments of this application a relay node no longer decrypts the information sent by the node before it, so the quantum key to be shared between the source node and the destination node never lands at a relay node; that is, a relay node does not decrypt the quantum key to be shared between the source node and the destination node, which improves the security of that key.
Second, a relay node no longer encrypts and decrypts again the information sent by the node before it, which saves the time and resources taken by optical-electrical conversion of the quantum key to be shared along the routing path.
Third, in the embodiments of this application a relay node may delete its first quantum key and second quantum key after generating the third quantum key. The relay node can thus leave no window in which it can be attacked, which reduces an eavesdropper's ability to decrypt the quantum key to be shared and further improves the security of information transmission during quantum key distribution.
Fourth, information about a relay node's third quantum key can be published, which lowers the secure-storage requirements for that information. This lays the foundation for eventually publishing all information related to the attributes of a relay node: a node can publish the log of its operations and accesses when it acts as a relay node on a routing path, as well as the resource utilization of the chip itself. In this process, the intermediate steps of computing the relay node's third quantum key, and the intermediate results used along the way, cannot be made public. In the embodiments of this application a relay node can disclose information about itself, such as the log of its operations and accesses as a relay node, which helps in analyzing the operating condition of the network and improves transparency to customers.
In the embodiments of this application, the second quantum key corresponding to the (i-1)-th node on the target routing path is the same as the first quantum key corresponding to the i-th node on that path, and the second quantum key corresponding to the i-th node on the target routing path is the same as the first quantum key corresponding to the (i+1)-th node on that path. For example, in FIG. 4, $K_{BD}(L_2)$ is the same as $K_{DB}(L_2)$, $K_{DE}(L_2)$ is the same as $K_{ED}(L_2)$, $K_{EG}(L_2)$ is the same as $K_{GE}(L_2)$, and $K_{GQ}(L_2)$ is the same as $K_{QG}(L_2)$, so that the destination node can recover the quantum key to be shared.
FIG. 4 and FIG. 5 above are described taking both the first algorithm and the second algorithm to be the XOR algorithm as an example; those skilled in the art will appreciate that the first algorithm and the second algorithm may also be other algorithms. The algorithm used in step 303 above to generate the third quantum key corresponding to the i-th node of the target routing path, from the first quantum key and the second quantum key corresponding to that node, is the second algorithm. The algorithm with which the i-th node uses its third quantum key to encrypt the first ciphertext received from the (i-1)-th node on the target routing path is the first algorithm.
In an optional implementation, the first algorithm satisfies formula (1):
$$g\big(f_E(K_{i-1,i-2}(L_j),\ K_{i-1,i}(L_j)),\ f_E(K_{i,i-1}(L_j),\ K_{i,i+1}(L_j))\big) = f_E(K_{i-1,i-2}(L_j),\ K_{i,i+1}(L_j)) \qquad \text{Formula (1)}$$
In formula (1), $L_j$ is the identifier of the target routing path;
$K_{i-1,i-2}(L_j)$ is the first quantum key corresponding to the (i-1)-th node on the target routing path $L_j$;
$K_{i-1,i}(L_j)$ is the second quantum key corresponding to the (i-1)-th node on the target routing path $L_j$;
$K_{i,i-1}(L_j)$ is the first quantum key corresponding to the i-th node on the target routing path $L_j$;
$K_{i,i+1}(L_j)$ is the second quantum key corresponding to the i-th node on the target routing path $L_j$;
$f_E(\cdot)$ is the function corresponding to the second algorithm, where the second algorithm is the algorithm used to generate the third quantum key corresponding to the i-th node of the target routing path from the first quantum key and the second quantum key corresponding to that node;
$g(\cdot)$ is the function corresponding to the first algorithm.
For example, with reference to FIG. 4, when the i-th node is relay node E, formula (1) can be written as:
$$g\big(f_E(K_{DB}(L_2),\ K_{DE}(L_2)),\ f_E(K_{ED}(L_2),\ K_{EG}(L_2))\big) = f_E(K_{DB}(L_2),\ K_{EG}(L_2))$$
Here, $f_E(K_{DB}(L_2), K_{DE}(L_2))$ applies the operation of the second algorithm to the first quantum key $K_{DB}(L_2)$ and the second quantum key $K_{DE}(L_2)$ corresponding to relay node D on routing path $L_2$; its result is the third quantum key $K_{BE}(L_2)$ corresponding to relay node D on routing path $L_2$ shown in FIG. 4;
$f_E(K_{ED}(L_2), K_{EG}(L_2))$ applies the operation of the second algorithm to the first quantum key $K_{ED}(L_2)$ and the second quantum key $K_{EG}(L_2)$ corresponding to relay node E on routing path $L_2$; its result is the third quantum key $K_{DG}(L_2)$ corresponding to relay node E on routing path $L_2$ shown in FIG. 4;
$g(f_E(K_{DB}(L_2), K_{DE}(L_2)), f_E(K_{ED}(L_2), K_{EG}(L_2)))$ applies the operation of the first algorithm to the third quantum key $K_{BE}(L_2)$ corresponding to relay node D and the third quantum key $K_{DG}(L_2)$ corresponding to relay node E on routing path $L_2$; when $K_{DE}(L_2)$ and $K_{ED}(L_2)$ are the same, the result equals $f_E(K_{DB}(L_2), K_{EG}(L_2))$.
When formula (1) is applied, and taking into account how the third quantum key and the second ciphertext of each node in FIG. 4 are computed, the operation performed by destination node Q can be regarded, using FIG. 4 as the example, as shown in formula (2) below:
Formula (2) shows that after the destination node operates on the received first ciphertext, it obtains the quantum key to be shared. Those skilled in the art will appreciate that in actual operation the destination node need not carry out the detailed calculation shown in formula (2); it only needs to apply the operation of the first algorithm to the received $K_G(L_2)$ using $K_{QG}(L_2)$.
FIG. 4 and FIG. 5 above are described only with the first, second, third and fourth algorithms all being the XOR algorithm as an example. In a specific implementation these algorithms can be realized in many ways; for example, the first algorithms used by two nodes may be two different algorithms, or the second algorithms used by two nodes may be two different algorithms.
For example, $f_E(\cdot)$ may be a set of functions that includes a series of encryption functions $\{f_{E0}, f_{E1}, \ldots\}$, and a decryption function $f_D$ may also be defined. Here $f_{E0}$ is the third algorithm above, used to encrypt the quantum key to be shared between the source node and the destination node. $f_{E1}, f_{E2}, \ldots$ are the functions that the respective relay nodes use to compute the third quantum key and to encrypt the received first ciphertext, that is, the function corresponding to the first algorithm and the function corresponding to the second algorithm are the same (for example, $f_{E1}$ is the function that the first relay node on the routing path uses to compute its third quantum key and to encrypt the first ciphertext it receives). $f_D$ is the fourth algorithm, with which the destination node decrypts the received first ciphertext to obtain the quantum key to be shared. Any two functions among $\{f_{E0}, f_{E1}, \ldots\}$ and $f_D$ may be the same or different; the embodiments of this application impose no limitation.
As the above examples show, in the embodiments of this application, without knowledge of the quantum keys shared between adjacent nodes that are used in the quantum key distribution process (including the quantum key shared between the destination node and the node before it), no one who obtains the third quantum keys of some or all nodes together with the second ciphertext sent by the source node can compute the quantum key to be shared, which improves the security of the quantum key distribution process.
The embodiments of this application give one more optional implementation of the first algorithm and the second algorithm. For example, the second algorithm may be defined as a modulo-4 subtraction on every two bits. Specifically:
For any function in the $f_E(\cdot)$ function set $\{f_{E0}, f_{E1}, \ldots\}$, the input is two binary sequences of length $2n$, for example $X = x_1 x_2 \ldots x_{2k-1} x_{2k} \ldots x_{2n-1} x_{2n}$ and $Y = y_1 y_2 \ldots y_{2k-1} y_{2k} \ldots y_{2n-1} y_{2n}$, and the output is again a binary sequence of length $2n$, for example $Z = z_1 z_2 \ldots z_{2k-1} z_{2k} \ldots z_{2n-1} z_{2n} = f_E(X, Y)$. Then $z_{2k-1} z_{2k}$ can be obtained by the following calculation:
Calculate $a_k = 2x_{2k-1} + x_{2k}$ and $b_k = 2y_{2k-1} + y_{2k}$; and:
If $a_k \ge b_k$, then $z_{2k-1} z_{2k}$ is the binary representation of $a_k - b_k$; if $a_k < b_k$, then $z_{2k-1} z_{2k}$ is the binary representation of $a_k - b_k + 4$.
The decryption function $f_D$ can then be a modulo-4 addition on every two bits, and it is not difficult to verify that the functions in this example also satisfy the above implementation. Note also that formula (1) is not a necessary and sufficient condition for the solution provided by the embodiments of this application; it is only a sufficient condition. Other functional forms that satisfy the mathematical properties of the above embodiments may exist, and the embodiments of this application impose no limitation.
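The relay procedure of FIG. 4 and FIG. 5, formula (1), and the modulo-4 variant can be checked together in a short simulation. This is an added example, not code from the patent: the function names, the byte-string key representation and the use of Python's `secrets` module as a stand-in for QKD-generated link keys are assumptions, and for the modulo-4 variant the first algorithm g is assumed to be pairwise modulo-4 addition (the page states only the subtraction for $f_E$ and the addition for $f_D$).

```python
import secrets

PATH_L2 = ["B", "D", "E", "G", "Q"]  # routing path L2 of FIG. 4


def xor(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))


def _mod4(x: bytes, y: bytes, sign: int) -> bytes:
    """Combine two sequences two bits at a time: z_k = (a_k + sign * b_k) mod 4."""
    out = bytearray()
    for xb, yb in zip(x, y):
        z = 0
        for shift in (6, 4, 2, 0):
            a, b = (xb >> shift) & 3, (yb >> shift) & 3
            z |= ((a + sign * b) % 4) << shift
        out.append(z)
    return bytes(out)


def sub4(x, y):
    return _mod4(x, y, -1)


def add4(x, y):
    return _mod4(x, y, +1)


# f0: third algorithm (source), fE: second algorithm (third-key derivation),
# g: first algorithm (relay re-encryption), fD: fourth algorithm (destination).
XOR_SCHEME = {"f0": xor, "fE": xor, "g": xor, "fD": xor}
# Assumption: g = add4, chosen so that formula (1) holds for fE = sub4.
MOD4_SCHEME = {"f0": sub4, "fE": sub4, "g": add4, "fD": add4}


def make_link_keys(path, nbytes=32):
    """Stand-in for QKD: one random 256-bit key per adjacent pair (K_uv == K_vu)."""
    return {frozenset(pair): secrets.token_bytes(nbytes) for pair in zip(path, path[1:])}


def link(keys, u, v):
    return keys[frozenset((u, v))]


def third_keys(path, keys, s):
    """Each relay derives fE(first key, second key); the page treats these as publishable."""
    return [s["fE"](link(keys, path[i], path[i - 1]), link(keys, path[i], path[i + 1]))
            for i in range(1, len(path) - 1)]


def distribute(path, keys, secret, s):
    """FIG. 4, hop by hop. Returns (key recovered by the destination, ciphertexts sent)."""
    c = s["f0"](secret, link(keys, path[0], path[1]))
    sent = [c]
    for t in third_keys(path, keys, s):
        c = s["g"](c, t)  # the relay never decrypts; it only applies its third key
        sent.append(c)
    return s["fD"](c, link(keys, path[-2], path[-1])), sent


def destination_recover(source_ct, published_third_keys, last_key, s):
    """FIG. 5: the destination applies every third key itself, then decrypts."""
    c = source_ct
    for t in published_third_keys:
        c = s["g"](c, t)
    return s["fD"](c, last_key)


def formula_1_holds(s, nbytes=32):
    """g(fE(a, b), fE(b, c)) == fE(a, c) for random a, b, c."""
    a, b, c = (secrets.token_bytes(nbytes) for _ in range(3))
    return s["g"](s["fE"](a, b), s["fE"](b, c)) == s["fE"](a, c)


def masked_on_every_link(path, keys, secret, s):
    """The ciphertext leaving node i equals f0(secret, K_{i,i+1}): still masked by a link key."""
    _, sent = distribute(path, keys, secret, s)
    return all(ct == s["f0"](secret, link(keys, path[i], path[i + 1]))
               for i, ct in enumerate(sent))


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed stand-in for K_BQ(L2)
    for name, scheme in (("xor", XOR_SCHEME), ("mod4", MOD4_SCHEME)):
        keys = make_link_keys(PATH_L2)
        recovered, _ = distribute(PATH_L2, keys, secret, scheme)
        print(name, recovered == secret, formula_1_holds(scheme),
              masked_on_every_link(PATH_L2, keys, secret, scheme))
```

The `masked_on_every_link` invariant makes the key-deletion step concrete: the ciphertext a relay forwards is masked only by that relay's own second quantum key, so the protection the page describes depends on the relay deleting its first and second quantum keys once the third key is derived.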
The communication system to which the embodiments of this application apply may include multiple routing paths. If N is an integer greater than 1, then for a first routing path and a second routing path among the N routing paths that pass through the i-th node: the first quantum key corresponding to the i-th node on the first routing path is different from the first quantum key corresponding to the i-th node on the second routing path, and the second quantum key corresponding to the i-th node on the first routing path is different from the second quantum key corresponding to the i-th node on the second routing path. The first routing path and the second routing path are two different routing paths among the N routing paths. As shown in FIG. 2 above, five routing paths pass through relay node D. For any two of them, such as routing path $L_1$ and routing path $L_5$, the first quantum key corresponding to relay node D on routing path $L_1$ is different from the first quantum key corresponding to relay node D on routing path $L_5$, and the second quantum key corresponding to relay node D on routing path $L_1$ is different from the second quantum key corresponding to relay node D on routing path $L_5$. That is, for each routing path a node allocates quantum keys specific to that routing path, which achieves a one-time pad and further improves the security of quantum key distribution. The embodiments of this application also apply to the multi-path case, so the networks they apply to can be more complex.
In practical use, a quantum communication system continuously generates quantum keys and pushes them to the key management layer, so each quantum key can be assigned a number; the number corresponding to a quantum key may also be called the identifier of that quantum key. Taking FIG. 2 as an example, quantum keys $K_{DE}$ are continuously generated between node D and node E. With 256 bits as the length of one quantum key, each quantum key number corresponds to one 256-bit quantum key. Several routing paths pass through node D and node E, such as routing paths $L_1$, $L_2$ and $L_3$ shown in FIG. 2. Node D and node E therefore each need to allocate the quantum keys generated between node D and node E to routing paths $L_1$, $L_2$ and $L_3$. The embodiments of this application require that the second quantum key that node D allocates to a routing path and the first quantum key that node E allocates to the target routing path be the same quantum key; for example, the second quantum key that node D allocates to routing path $L_1$ and the first quantum key that node E allocates to routing path $L_1$ must be the same quantum key. To meet this requirement, the first correspondence may be obtained before step 301 above, and the second correspondence before step 302 above. The first correspondence and the second correspondence may take many forms, such as a table or text; the embodiments of this application impose no limitation, and the following description uses tables as an example.
The first correspondence in step 301 above and the second correspondence in step 302 above can be obtained in several ways. Optional implementations a1, a2 and a3 below describe several ways of obtaining, in the first correspondence, the first quantum key corresponding to the i-th node of a routing path.
Implementation a1: the centralized controller delivers indication information indicating the first quantum key corresponding to the i-th node of the target routing path in the first correspondence.
The i-th node receives, from the centralized controller, indication information indicating the first quantum key corresponding to the i-th node of the target routing path. In the embodiments of this application, this indication information may be the first quantum key corresponding to the i-th node of the target routing path itself, or other information that can indicate this correspondence. Optionally, the i-th node receives, from the centralized controller, indication information indicating the second quantum key corresponding to the i-th node of the target routing path. The centralized controller can collect the service requests of the whole network and optimize the routing paths of the whole network; it can then uniformly compute the first correspondence for each node acting as a node and deliver it to the corresponding node.
Implementation a2: the (i-1)-th node of the target routing path sends indication information indicating the first quantum key corresponding to the i-th node of the target routing path in the first correspondence.
In this implementation, the (i-1)-th node of the routing path can compute the second quantum key corresponding to the (i-1)-th node of the target routing path and then send it to the i-th node. Because the second quantum key corresponding to the (i-1)-th node of the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path, the i-th node can learn the first quantum key corresponding to the i-th node of the target routing path in the first correspondence.
Based on this implementation, in an optional implementation each node on the target routing path (other than the destination node) computes its second quantum key on the target routing path and then sends it to its next node on the target routing path. Because each node's second quantum key on the target routing path is the same as the first quantum key of its next node on the target routing path, the nodes on the target routing path can obtain, in the manner of implementation a2, the first quantum key corresponding to the i-th node of the routing path in the first correspondence.
Implementation a3: the i-th node determines the first quantum key corresponding to the i-th node of the target routing path according to the obtained network topology information of the quantum communication system and a first preset rule.
For implementation a3, there are several ways in which the i-th node can determine the first quantum key corresponding to the i-th node of the target routing path according to the obtained network topology information of the quantum communication system and the first preset rule. Optional implementations a3-1, a3-2 and a3-3 are described below.
Implementation a3-1
The i-th node determines the ordering of the routing paths that pass through it according to the ordering relation among the numbers of the (i-1)-th nodes on the N routing paths passing through the i-th node, the ordering relation among the numbers of the N (i+1)-th nodes on the routing paths passing through the i-th node, and the ordering relation among the numbers of the N routing paths passing through the i-th node, and then determines, in that order, the first quantum key corresponding to the i-th node of the target routing path.
FIG. 6 shows a schematic diagram of node D of FIG. 2 applying implementation a3-1 to generate the first correspondence for node D. As shown in FIG. 6, among the six routing paths shown in FIG. 2, each node has a global number. Optionally, the global numbers of the nodes may have an ordering relation; for example, they may be expressed as Arabic numerals, letters, or characters with a preset ordering relation. Assume that in FIG. 2 the letters of the nodes follow alphabetical order. Then, as shown in FIG. 6, the routing paths on which node D acts as a relay node are $L_1$ to $L_5$. The previous-hop nodes of node D on these five routing paths are sorted first: as shown in FIG. 6, node D has two previous-hop nodes, node B and node C, ordered as shown in the second column of FIG. 6.
Next, the next-hop nodes of node D are sorted within the four routing paths in which the previous hop of node D is node B. As shown in FIG. 6, when the previous hop of node D is node B, the next hops of node D are node E and node F, sorted as shown in rows 2 to 5 of the third column of FIG. 6. The next-hop nodes of node C are then sorted within the one routing path in which the previous hop of node D is node C. As shown in FIG. 6, when the previous hop of node D is node C, the next hop of node D is node F, as shown in row 6 of the third column of FIG. 6.
Further, when several routing paths share the same previous hop of node D and the same next hop of node D, they can be sorted by the global numbers of the routing paths. Optionally, each routing path has a global number, and the routing path numbers have an ordering relationship. Assume that the global order of the six routing paths in FIG. 2 is L1 to L6. As shown in FIG. 6, three routing paths pass through node B, node D and node E: L1, L2 and L3. Rows 2 to 4 of the fourth column list them according to the global order of the numbers of L1, L2 and L3. Only one routing path passes through node B, node D and node F, and only one passes through node C, node D and node F; they are placed accordingly in rows 5 and 6 of the third column of FIG. 6.
As FIG. 6 shows, node D has now sorted all routing paths passing through it and can assign quantum keys to the routing paths in that order, as shown in the fourth column of FIG. 6. Taking rows 2 and 3 of the fourth column of FIG. 6 as examples, the first quantum key that node D assigns to routing path L1 is K_DB(L1), and the first quantum key that node D assigns to routing path L2 is K_DB(L2).
Optionally, the quantum key consumption on a particular routing path may be relatively large, so a weight can be set for each routing path according to the quantum key consumption on that path and/or the attribute information of the service. The weight determines how many quantum keys are allocated to each routing path in each quantum key allocation period. In other words, K_DB(L1) is only the identifier of the first quantum key that node D assigns to routing path L1. If only one quantum key is allocated to routing path L1 in a quantum key allocation period, and a quantum key is assumed to be 256 bits long, K_DB(L1) may identify one 256-bit quantum key in each quantum key allocation period. If multiple (for example, 3) quantum keys are allocated to routing path L1 in a quantum key allocation period, and a quantum key is assumed to be 256 bits long, K_DB(L1) may identify three 256-bit quantum keys in each quantum key allocation period.
In a specific implementation, the ordering scheme for routing paths is flexible. FIG. 6 shows only one possible implementation, and others are possible. For example, the (i+1)-th nodes can be sorted first, according to the ordering among the numbers of the (i+1)-th nodes in the routing paths passing through the i-th node; then the (i-1)-th nodes, according to the ordering among the numbers of the (i-1)-th nodes in those routing paths; and finally the routing paths themselves, according to the ordering among their numbers, and so on. Details are not repeated here.
Embodiment a3-2
The i-th node determines the ordering of the routing paths passing through it according to the ordering among the numbers of the (i+1)-th nodes in the N routing paths passing through the i-th node and the ordering among the numbers of those N routing paths. Following that ordering, it determines the first quantum key corresponding to the i-th node of the target routing path.
FIG. 7 exemplarily shows how node D in FIG. 2 applies embodiment a3-2 to generate the first quantum key corresponding to node D of routing path L2. As shown in FIG. 7, in this example the routing paths passing through node D are first determined to be L1, L2, L3, L4 and L5. The next hops of node D in routing paths L1, L2, L3, L4 and L5 are then sorted, as shown in rows 2 to 6 of the second column of FIG. 7; the next hops of the routing paths passing through node D are node E and node F. The routing paths L1, L2, L3, L4 and L5 are then sorted by routing path number, with the result shown in rows 2 to 6 of the third column of FIG. 7. Finally, following the order of routing paths L1, L2, L3, L4 and L5, each routing path is assigned, in turn, the first quantum key of node D for that routing path.
Embodiment a3-3
The i-th node determines the ordering of the N routing paths passing through it according to the ordering among the numbers of those N routing paths. Following that ordering, it determines the first quantum key corresponding to the i-th node of the target routing path.
FIG. 8 exemplarily shows how node D in FIG. 2 applies embodiment a3-3 to generate the first quantum key corresponding to node D of routing path L2. As shown in FIG. 8, the routing paths passing through node D are first determined to be L1, L2, L3, L4 and L5. The routing paths L1, L2, L3, L4 and L5 are then sorted by routing path number, with the result shown in rows 2 to 6 of the second column of FIG. 8. Finally, following the order of routing paths L1, L2, L3, L4 and L5, each routing path is assigned its corresponding first quantum key in turn.
The embodiments of this application describe, through optional embodiments b1, b2 and b3, several ways of obtaining the second quantum key corresponding to the i-th node of a routing path in the second correspondence.
Embodiment b1: the centralized controller delivers indication information that indicates the second quantum key corresponding to the i-th node of the routing path in the second correspondence.
In the embodiments of this application, the indication information that indicates the second quantum key corresponding to the i-th node of the routing path in the second correspondence may be the second quantum key corresponding to the i-th node of the target routing path itself, or any other information that can indicate this correspondence. Optionally, the i-th node receives indication information, sent by the centralized controller, that indicates the first quantum key corresponding to the i-th node of the target routing path. The centralized controller can collect the service requests of the whole network, optimize and compute the routing paths of the whole network, then uniformly compute the second correspondence of each node when it acts as a node, and deliver it to the corresponding node.
Embodiment b2: the (i+1)-th node of the target routing path sends indication information that indicates the second quantum key corresponding to the i-th node of the routing path in the second correspondence.
In this embodiment, the (i+1)-th node of the routing path can calculate the first quantum key corresponding to the (i+1)-th node of the target routing path and then send it to the i-th node. Because the first quantum key corresponding to the (i+1)-th node of the target routing path is the same as the second quantum key corresponding to the i-th node of the target routing path, the i-th node thereby learns the second quantum key corresponding to the i-th node of the target routing path in the second correspondence.
Based on this embodiment, in an optional implementation, each node in the target routing path (except the source node) calculates its own first quantum key on the target routing path and then sends that first quantum key to its previous node on the target routing path. Because each node's first quantum key on the target routing path is the same as the second quantum key, on the target routing path, of that node's previous node, the nodes in the target routing path can obtain, in the manner of embodiment b2, the second quantum key corresponding to the i-th node of the routing path in the second correspondence.
Embodiment b3: the i-th node determines the second quantum key corresponding to the i-th node of the target routing path according to the acquired network topology information of the quantum communication system and a second preset rule.
For embodiment b3 above, there are several ways in which the i-th node can determine the second quantum key corresponding to the i-th node of the target routing path from the acquired network topology information of the quantum communication system and the second preset rule. They are described below as optional embodiments b3-1 and b3-2.
Embodiment b3-1
The i-th node considers the routing paths that pass through both the i-th node and the (i+1)-th node of the target routing path. It determines the ordering of these routing paths according to the ordering among the numbers of the (i+2)-th nodes in them and the ordering among the numbers of these routing paths. Following that ordering, it determines the second quantum key corresponding to the i-th node of the target routing path.
FIG. 9 exemplarily shows how node D in FIG. 2 applies embodiment b3-1 to generate the second correspondence for node D. As shown in FIG. 9, suppose the quantum key shared between node D and node E needs to be determined. All routing paths passing through node D and node E must first be identified; as shown in FIG. 2, these are L1, L2 and L3. The next hops of node E in routing paths L1, L2 and L3 are then sorted, with the result shown in rows 2 to 4 of the second column of FIG. 6: node E has two next hops in routing paths L1, L2 and L3, node G and node H. The routing paths in which the next hop of node E is node G are then sorted by routing path number, as shown in rows 2 to 3 of the third column of FIG. 9. Only one routing path has node H as the next hop of node E, so it is placed in row 4 of the third column of FIG. 9. Finally, following the order of routing paths L1, L2 and L3, each routing path is assigned, in turn, the second quantum key of node D for that routing path.
As can be seen, embodiment b3-1 first filters out the routing paths that pass through both the i-th node and the (i+1)-th node of the target routing path, and then sorts those routing paths.
FIG. 10 exemplarily shows how node E in FIG. 2 applies embodiment a3-1 to generate the first correspondence for node E. As shown in FIG. 10, the routing paths in which node E acts as a node are L1, L2, L3 and L6. First, the previous-hop nodes of node E in these four routing paths are sorted. As shown in FIG. 10, node E has two previous-hop nodes, node D and node R, sorted as shown in the second column of FIG. 10.
Next, the next-hop nodes of node E are sorted within the three routing paths in which the previous hop of node E is node D. As shown in FIG. 10, when the previous hop of node E is node D, the next hops of node E are node G and node H, sorted as shown in rows 2 to 4 of the third column of FIG. 10. The next-hop nodes of node R are then sorted within the one routing path in which the previous hop of node E is node R. As shown in FIG. 10, when the previous hop of node E is node R, the next hop of node E is node H, as shown in row 5 of the third column of FIG. 10.
Further, as shown in FIG. 10, two routing paths pass through node D, node E and node G: L1 and L2. Rows 2 to 3 of the fourth column list them according to the global order of the numbers of L1 and L2. Only one routing path passes through node D, node E and node H, and only one passes through node R, node E and node H; they are placed accordingly in rows 4 and 5 of the third column of FIG. 10.
As FIG. 10 shows, node E has now sorted all routing paths passing through it and can, following that order, assign to each routing path in turn the first quantum key of node E for that routing path.
Comparing FIG. 9 with FIG. 10 shows that the second and third columns of FIG. 9 match rows 2 to 4 of the third and fourth columns of FIG. 10. That is, the rule by which node D determines its second quantum key between node D and node E is the same as the rule by which node E determines the first quantum key between node E and node D. This guarantees that the second quantum key corresponding to the i-th node in a routing path is the same as the first quantum key corresponding to the (i+1)-th node in the target routing path.
Embodiment b3-2
The i-th node determines the ordering of the routing paths that pass through both the i-th node and the (i+1)-th node of the target routing path according to the ordering among the numbers of those routing paths. Following that ordering, it determines the second quantum key corresponding to the i-th node of the target routing path.
FIG. 11 exemplarily shows how node D in FIG. 2 applies embodiment b3-2 to generate the second quantum key corresponding to node D of routing path L2. As shown in FIG. 11, suppose the second quantum key corresponding to node D of routing path L2 needs to be determined. The routing paths passing through node D and node E are first determined to be L1, L2 and L3. The routing paths L1, L2 and L3 are then sorted by routing path number, with the result shown in rows 2 to 4 of FIG. 11. Finally, following the order of routing paths L1, L2, L3 and L4, each routing path is assigned its corresponding first quantum key in turn.
As can be seen, embodiment b3-2, like embodiment b3-1, first filters out the routing paths that pass through both the i-th node and the (i+1)-th node of the target routing path. It then sorts them directly by the numbers of those routing paths, whereas embodiment b3-1 first sorts by the next-hop node of node E in those routing paths and only then by the routing path numbers.
In the embodiments above, FIG. 6 to FIG. 11 show only some possible implementations; in practice there can be many others. For example, in an optional implementation, the i-th node determines the ordering of the routing paths passing through it according to the ordering among the numbers of the (i+1)-th nodes in those routing paths, the ordering among the numbers of the (i-1)-th nodes in those routing paths, and the ordering among the numbers of those routing paths, and, following that ordering, determines the second quantum key corresponding to the i-th node of the target routing path. Optionally, the i-th node considers the routing paths that pass through both the i-th node and the (i-1)-th node of the target routing path, determines their ordering according to the ordering among the numbers of the (i-2)-th nodes in them and the ordering among the numbers of these routing paths, and, following that ordering, determines the first quantum key corresponding to the i-th node of the target routing path.
In embodiments a2, a3, b2 and b3 above, each node can calculate the first correspondence and/or the second correspondence by itself. This approach can be based on distributed information: the service requests of the whole network need not be collected centrally. Instead, the routing path of each service request is obtained with classical routing methods, and each routing path is then stored in every node that the target routing path passes through. Each node can calculate the first correspondence and/or the second correspondence by itself from the topology information, stored internally, of all routing paths that pass through it.
Any one of embodiments a1, a2 and a3 above can be combined with any one of embodiments b1, b2 and b3. For example, the first quantum key corresponding to the i-th node of the routing path in the first correspondence can be delivered by the centralized controller as in embodiment a1, while the second quantum key corresponding to the i-th node of the routing path in the second correspondence is calculated by the i-th node itself as in embodiment b3.
As another example, the first quantum key corresponding to the i-th node of the routing path in the first correspondence can be sent by the (i-1)-th node as in embodiment a2, while the second quantum key corresponding to the i-th node of the routing path in the second correspondence is calculated by the i-th node itself as in embodiment b3.
As another example, the first quantum key corresponding to the i-th node of the routing path in the first correspondence can be calculated by the i-th node itself as in embodiment a3, while the second quantum key corresponding to the i-th node of the routing path in the second correspondence is sent by the (i+1)-th node as in embodiment b2.
As another example, the first quantum key corresponding to the i-th node of the routing path in the first correspondence can be calculated by the i-th node itself as in embodiment a3, and the second quantum key corresponding to the i-th node of the routing path in the second correspondence can be calculated by the i-th node itself as in embodiment b3. In this example, the i-th node can use any of embodiments a3-1 to a3-3 to determine the first quantum key corresponding to the i-th node of the routing path, and any of embodiments b3-1 to b3-2 to determine the second quantum key corresponding to the i-th node of the routing path. The choice is flexible: for example, embodiments a3-1 and b3-1 can be combined, embodiments a3-2 and b3-2 can be combined, or embodiments a3-3 and b3-2 can be combined.
Optionally, the table shown in FIG. 6 can be used cyclically. Taking FIG. 6 as an example, the routing paths passing through node B and node D are L1, L2, L3 and L4, in the order L1, L2, L3, L4. The first quantum key pushed up by the QKD system connecting node B and node D can be assigned to routing path L1; the identifier of this first quantum key can be written K_DB(L1) in FIG. 6. The second key is assigned to routing path L2, the third key to routing path L3, and the fourth key to routing path L4. When the fifth key arrives, it is assigned to routing path L1 again, and so on, in a cycle. One pass in which every routing path from L1 to L4 has received its allocation can be called a quantum key allocation period. In one period, each routing path can be allocated one quantum key, or different routing paths can be given different numbers of quantum keys according to weights or a preset rule; for example, one routing path can be allocated 3 quantum keys in one quantum key allocation period.
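The following added example (not code from the patent) implements the orderings of embodiments a3-1 and b3-1, the cyclic allocation described for FIG. 6, and a check that both ends of each link derive the same order. The `PATHS` table is constructed from the hops the text names for FIG. 2; the function names, the key identifiers and the consecutive placement of weighted keys within a period are assumptions.

```python
# Added example: orderings from embodiments a3-1 and b3-1 plus cyclic allocation.
# PATHS is constructed: only the hops the text names for FIG. 2 are included,
# so each path's true endpoints are an assumption.
PATHS = {
    "L1": ["B", "D", "E", "G"],
    "L2": ["B", "D", "E", "G"],
    "L3": ["B", "D", "E", "H"],
    "L4": ["B", "D", "F"],
    "L5": ["C", "D", "F"],
    "L6": ["R", "E", "H"],
}


def path_number(path_id):
    """Global routing path number, e.g. "L3" -> 3."""
    return int(path_id[1:])


def hop(hops, index):
    """Node at position `index`, or "" (sorts first) if the path ends earlier."""
    return hops[index] if 0 <= index < len(hops) else ""


def first_key_order(node, paths=PATHS):
    """a3-1: sort the paths through `node` by previous hop, next hop, path number.

    Returns {previous_hop: [path ids in order]}, one list per upstream link,
    because first quantum keys come from the link shared with the previous hop.
    Assumes loop-free paths (a node appears at most once per path).
    """
    rows = []
    for pid, hops in paths.items():
        if node in hops and hops.index(node) > 0:
            i = hops.index(node)
            rows.append((hops[i - 1], hop(hops, i + 1), path_number(pid), pid))
    per_link = {}
    for prev, _next, _num, pid in sorted(rows):
        per_link.setdefault(prev, []).append(pid)
    return per_link


def second_key_order(node, next_node, paths=PATHS):
    """b3-1: keep paths going node -> next_node, sort by hop i+2, path number."""
    rows = []
    for pid, hops in paths.items():
        if node in hops:
            i = hops.index(node)
            if hop(hops, i + 1) == next_node:
                rows.append((hop(hops, i + 2), path_number(pid), pid))
    return [pid for _after, _num, pid in sorted(rows)]


def ordering_mismatches(upstream_view=PATHS, downstream_view=PATHS):
    """Compare both ends of every link; each end uses its own stored path table.

    Returns (node, next_node, upstream_order, downstream_order) for each link
    where the two ends would hand the k-th key to different routing paths.
    """
    links = set()
    for view in (upstream_view, downstream_view):
        for hops in view.values():
            links.update(zip(hops, hops[1:]))
    bad = []
    for up, down in sorted(links):
        sender = second_key_order(up, down, upstream_view)
        receiver = first_key_order(down, downstream_view).get(up, [])
        if sender != receiver:
            bad.append((up, down, sender, receiver))
    return bad


def allocate(order, key_ids, weights=None):
    """Cyclic allocation: the k-th key pushed by the link goes to the next path.

    `weights` gives keys per path per allocation period (default 1). Placing a
    path's keys consecutively within a period is an assumption of this example.
    """
    weights = weights or {}
    slots = [pid for pid in order for _ in range(weights.get(pid, 1))]
    if not slots:
        return {}
    return {key: slots[n % len(slots)] for n, key in enumerate(key_ids)}


if __name__ == "__main__":
    print("node D, first keys :", first_key_order("D"))
    print("node D -> E, second:", second_key_order("D", "E"))
    print("node E, first keys :", first_key_order("E"))
    print("mismatches         :", ordering_mismatches())
    keys = ["k1", "k2", "k3", "k4", "k5"]  # constructed key identifiers
    print("B-D link allocation:", allocate(first_key_order("D")["B"], keys))
    stale = {pid: hops for pid, hops in PATHS.items() if pid != "L2"}
    print("stale downstream   :", ordering_mismatches(PATHS, stale))
```

In the last call node E's stored table lacks L2, so the second key from the D-E link goes to L2 at node D but to L3 at node E, which is the divergence the per-link comparison reports.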
The quantum communication system in the embodiments of this application can be divided into multiple local area networks. FIG. 12 exemplarily shows the structure of such a division into local area networks in quantum communication, as provided by an embodiment of this application. As shown in FIG. 12, the quantum communication network can be divided into multiple local area networks, such as local area network 1201 and local area network 1202. Gateway nodes can be set in each local area network, and each local area network can have one or more gateway nodes; FIG. 12 shows only the example of one gateway node per local area network. As shown in FIG. 12, when a node in local area network 1201 (for example, node M1) needs to communicate with a node in local area network 1202 (for example, node M6), node M1 can first send the data to gateway node S1 in local area network 1201. Gateway node S1 in local area network 1201 then sends the data to gateway node S2 in local area network 1202, and gateway node S2 forwards it to node M6 in local area network 1202. In other words, when nodes in different local area networks communicate, the source node can send the data to the gateway node of the local area network to which the source node belongs; the data is then transmitted to the gateway node of the local area network where the destination node is located, and that gateway node transmits it to the destination node. In this case, the routing paths for the service requests inside each local area network can be computed with the help of the gateway node inside that local area network, which reduces the load on the centralized controller.
Based on the above, an embodiment of this application provides a quantum communication method. The specific operation flow is as follows:
From time 0 to T1, one or more nodes initiate encrypted service requests. An encrypted service request may be a request for a newly added service, or a request to cancel an existing service.
In an optional implementation, an encrypted service request initiated by a node can be sent to the centralized controller, or to the gateway node of the local area network where the node is located. Alternatively, a centralized control end can be set up, and encrypted service requests initiated by nodes can be sent to that centralized control end.
When a node sends an encrypted service request to the centralized controller, the centralized controller may plan the routing path corresponding to each encrypted service request. Having the centralized controller plan the routing paths allows them to be optimized from a global perspective. In the embodiments of the present application, the centralized controller may also be replaced by a centralized control end, or by another device having the functions of the centralized controller described in the embodiments of the present application.
When a node sends an encrypted service request to the gateway node in the local area network where the node is located, the gateway node may plan the routing path inside the local area network where that gateway node is located. When an encrypted service request needs to span at least two local area networks, the centralized controller may plan the routing path between the gateway nodes of the different local area networks. This implementation can reduce the pressure on the centralized controller.
When a routing path is delivered, it may be delivered to each of the nodes included in the target routing path.
Optionally, the key update rate required by each encrypted service may also be recorded. For a node pair with a high key update rate, multiple parallel routing paths may be used to increase the final total key acquisition rate, or the weight of that pair may be increased on a given routing path. When calculating routing paths, the paths may be optimized and adjusted according to the maximum key generation rate of each actual QKD link, to prevent too many routing paths from passing through the same link and thereby limiting the key generation rate of those paths.
From time T1 to time T2, each node determines its own first correspondence and second correspondence according to the information of the newly delivered routing paths. The specific manner may be any of those in embodiments a1 to b2 above, and details are not repeated here.
If a node still stores a historical first correspondence and second correspondence at this time, the newly acquired first correspondence and second correspondence may be used to update the historical ones.
Optionally, during this time period, the destination node may reasonably process the various kinds of information received during the period.
From time T2 to time T3, each node calculates, according to the updated first correspondence and second correspondence, the third quantum key corresponding to that node for each routing path passing through it, and, within a preset duration after the result is calculated, deletes the first quantum key and the second quantum key corresponding to that node for each routing path passing through it. The preset duration may be set to a small value, for example within 1 minute or 30 seconds, which improves the security of quantum key distribution.
Optionally, the node may disclose the third quantum key corresponding to that node for each routing path passing through it, together with related information about each such routing path. A node can disclose information in several ways: it may report only to the centralized control node; it may disclose internally, that is, among a certain group inside the quantum network; it may disclose to a third party, such as a third-party supervisory body; or it may even disclose to the whole network, because this information does not affect security. Overall, however, different information may be disclosed to different domains. Because this disclosed information, if used properly, helps in analyzing the state of the network, authentication needs to be added when the information is disclosed, to ensure that it was sent by this node. In addition, the disclosed information may be uploaded to a blockchain to further prevent tampering.
Optionally, for the source node of a routing path, the source node may send out the second ciphertext corresponding to the source node only after receiving, from each of the nodes on that routing path, the information that node discloses: the third quantum key corresponding to that node for each routing path passing through it, and the related information about each such routing path.
Optionally, for the destination node of a routing path, after the destination node has received, from each of the nodes on that routing path, the information that node discloses (the third quantum key corresponding to that node for each routing path passing through it, and the related information about each such routing path), it can parse the to-be-shared quantum key between the source node and the destination node out of the second ciphertext corresponding to the source node. Optionally, the to-be-shared quantum key may be stored in a service key pool, which is a confidential storage space.
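The T2 to T3 exchange described above, as an added Python sketch that is not code from the patent: relays derive and disclose authenticated third keys, delete their link keys, and the destination recovers the to-be-shared key. It assumes the third quantum key is the XOR of the first and second quantum keys and that the second ciphertext is a one-time-pad XOR; the HMAC-SHA256 authentication, the per-node `auth_key`, the node names and all helper functions are hypothetical, and `secrets` stands in for real QKD links.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes per key; constructed value for this sketch


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("one-time-pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def tag(auth_key, path_id, node, k3):
    # Assumed authentication: HMAC-SHA256 over path id, node name and third key.
    msg = path_id.encode() + b"|" + node.encode() + b"|" + k3
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


class Node:
    def __init__(self, name):
        self.name = name
        self.auth_key = secrets.token_bytes(32)  # hypothetical authentication key
        self.first = {}   # first correspondence: path id -> key shared with node i-1
        self.second = {}  # second correspondence: path id -> key shared with node i+1

    def publish_third_key(self, path_id):
        # pop() deletes both link keys as soon as the third key has been computed.
        k3 = xor(self.first.pop(path_id), self.second.pop(path_id))
        return {"path": path_id, "node": self.name, "k3": k3,
                "tag": tag(self.auth_key, path_id, self.name, k3)}


def provision_path(path_id, nodes):
    # Stand-in for QKD: each adjacent pair gets a fresh key for this path only, so
    # node i's second key equals node i+1's first key and keys differ per path.
    for left, right in zip(nodes, nodes[1:]):
        link_key = secrets.token_bytes(KEY_LEN)
        left.second[path_id] = link_key
        right.first[path_id] = link_key


def source_ciphertext(source, path_id, key_to_share):
    # Source's second ciphertext: the key to be shared, padded with its second key.
    return xor(key_to_share, source.second.pop(path_id))


def destination_recover(dest, path_id, ciphertext, records, auth_keys):
    # Authenticate every disclosure before touching the destination's own key.
    for rec in records:
        expected = tag(auth_keys[rec["node"]], rec["path"], rec["node"], rec["k3"])
        if rec["path"] != path_id or not hmac.compare_digest(expected, rec["tag"]):
            raise ValueError(f"rejected disclosure from {rec['node']}")
    out = xor(ciphertext, dest.first.pop(path_id))
    for rec in records:
        out = xor(out, rec["k3"])  # each link key cancels pairwise
    return out


def demo():
    src, r1, r2, dst, other = (Node(n) for n in ("SRC", "R1", "R2", "DST", "OTHER"))
    auth_keys = {n.name: n.auth_key for n in (src, r1, r2, dst, other)}
    provision_path("path-1", [src, r1, r2, dst])
    provision_path("path-2", [other, r1, dst])  # second path through R1 (N = 2)
    per_path_keys_differ = (r1.first["path-1"] != r1.first["path-2"]
                            and r1.second["path-1"] != r1.second["path-2"])

    key_to_share = secrets.token_bytes(KEY_LEN)
    ciphertext = source_ciphertext(src, "path-1", key_to_share)
    records = [r1.publish_third_key("path-1"), r2.publish_third_key("path-1")]
    recovered = destination_recover(dst, "path-1", ciphertext, records, auth_keys)

    # A disclosure altered in transit fails authentication and is refused.
    forged = dict(r1.publish_third_key("path-2"))
    forged["k3"] = xor(forged["k3"], b"\x01" + bytes(KEY_LEN - 1))
    try:
        destination_recover(dst, "path-2", bytes(KEY_LEN), [forged], auth_keys)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True

    return {"match": recovered == key_to_share,
            "per_path_keys_differ": per_path_keys_differ,
            "tamper_rejected": tamper_rejected,
            "relay_keys_deleted": not r1.first and not r1.second}


if __name__ == "__main__":
    print(demo())
```

Under the XOR assumption, each link key appears exactly twice in the destination's computation and cancels, which is why the destination needs every relay's disclosure plus its own first key.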
Based on the same concept, the present application provides a quantum key distribution device 1301 for performing any of the receiving-side solutions in the above method. FIG. 13 exemplarily shows a schematic structural diagram of a quantum key distribution device provided by the present application. As shown in FIG. 13, the quantum key distribution device 1301 includes a processor 1303, a transceiver 1302, a memory 1305 and a communication interface 1304, which are connected to each other through a bus. The quantum key distribution device 1301 in this example may be the i-th node in a routing path described above. Those skilled in the art will understand that the quantum key distribution device 1301 may also be a source node, a destination node or a node in other routing paths; this embodiment of the present application defines the solution executed when the quantum key distribution device 1301 acts as a node.
The memory 1305 may include a volatile memory, such as a random-access memory (RAM); the memory may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 1305 may also include a combination of the above types of memory.
The communication interface 1304 may be a wired communication interface, a wireless communication interface, or a combination thereof. The wired communication interface may be, for example, an Ethernet interface, which may be an optical interface, an electrical interface, or a combination thereof. The wireless communication interface may be a WLAN interface.
The processor 1303 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor 1303 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
Optionally, the memory 1305 may also be used to store program instructions. By calling the program instructions stored in the memory 1305, the processor 1303 can perform one or more steps of the embodiments shown in the above solutions, or optional implementations thereof, so that the quantum key distribution device 1301 implements the function of the i-th node in the above method. The quantum key distribution device is the i-th node in a routing path of the quantum communication system. The processor 1303 in the quantum key distribution device is configured to: determine, according to the first correspondence, the first quantum key corresponding to the i-th node of the target routing path; determine, according to the second correspondence, the second quantum key corresponding to the i-th node of the target routing path; and generate, according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path, the third quantum key corresponding to the i-th node of the target routing path. Here, the i-th node is the i-th node in the target routing path. The first quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path. The first correspondence includes the correspondence between the N routing paths passing through the i-th node and the N first quantum keys corresponding to the i-th node; the N routing paths and the N first quantum keys corresponding to the i-th node are in one-to-one correspondence; the target routing path is one of the N routing paths; N is a positive integer, and i is a positive integer. The second quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path. The second correspondence includes the correspondence between the N routing paths passing through the i-th node and the N second quantum keys corresponding to the i-th node; the N routing paths and the N second quantum keys corresponding to the i-th node are in one-to-one correspondence. The transceiver 1302 is configured to: send the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path; or send to the (i+1)-th node in the target routing path the second ciphertext corresponding to the i-th node, which is obtained by the processor using the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path.
The first ciphertext that the i-th node receives from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node, sent by the (i-1)-th node. When i is 1, the 0-th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path.
The second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path, and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
In a possible implementation, if N is an integer greater than 1, then for a first routing path and a second routing path among the N routing paths passing through the i-th node: the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path; and the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path.
In a possible implementation, the transceiver 1302 is further configured to receive indication information, sent by the centralized controller or by the (i-1)-th node in the target routing path, that indicates the first quantum key of the target routing path corresponding to the i-th node of the target routing path in the first correspondence; or the processor 1303 is further configured to determine, according to acquired network topology information of the quantum communication system and a first preset rule, the first quantum key of the target routing path corresponding to the i-th node of the target routing path in the first correspondence.
There are several ways to determine the first quantum key corresponding to the i-th node of the target routing path. For details, refer to the descriptions of embodiment a3-1, embodiment a3-2 and embodiment a3-3 above, which are not repeated here.
In a possible implementation, the transceiver 1302 is configured to receive indication information, sent by the centralized controller or by the (i+1)-th node corresponding to the target routing path, that indicates the second quantum key corresponding to the i-th node of the target routing path in the second correspondence; or the processor 1303 is configured to determine, according to acquired network topology information of the quantum communication system and a second preset rule, the second quantum key corresponding to the i-th node of the target routing path in the second correspondence.
There are several ways to determine the second quantum key corresponding to the i-th node of the target routing path. For details, refer to the descriptions of embodiment b3-1 and embodiment b3-2 above, which are not repeated here.
Based on the same concept, an embodiment of the present application provides a quantum key distribution device for performing any of the i-th-node-side solutions in the above method flow. FIG. 14 exemplarily shows a schematic structural diagram of a quantum key distribution device provided by an embodiment of the present application. As shown in FIG. 14, the quantum key distribution device 1401 includes a transceiver unit 1402 and a processing unit 1403. The quantum key distribution device 1401 in this example may be the i-th node in a routing path described above. Those skilled in the art will understand that the quantum key distribution device 1401 may also be a source node, a destination node or a node in other routing paths; this embodiment of the present application defines the solution executed when the quantum key distribution device 1401 acts as a node.
The processing unit 1403 is configured to: determine, according to the first correspondence, the first quantum key corresponding to the i-th node of the target routing path; determine, according to the second correspondence, the second quantum key corresponding to the i-th node of the target routing path; and generate, according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path, the third quantum key corresponding to the i-th node of the target routing path. Here, the i-th node is the i-th node in the target routing path. The first quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path. The first correspondence includes the correspondence between the N routing paths passing through the i-th node and the N first quantum keys corresponding to the i-th node; the N routing paths and the N first quantum keys corresponding to the i-th node are in one-to-one correspondence; the target routing path is one of the N routing paths; N is a positive integer, and i is a positive integer. The second quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path. The second correspondence includes the correspondence between the N routing paths passing through the i-th node and the N second quantum keys corresponding to the i-th node; the N routing paths and the N second quantum keys corresponding to the i-th node are in one-to-one correspondence. The transceiver 1402 is configured to: send the third quantum key corresponding to the i-th node of the target routing path to the target node of the target routing path; or send to the (i+1)-th node in the target routing path the second ciphertext corresponding to the i-th node, which is obtained by the processor using the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path.
The first ciphertext that the i-th node receives from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node, sent by the (i-1)-th node. When i is 1, the 0-th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path. The second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path, and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
It should be understood that the division of the above quantum key distribution devices into units is only a division of logical functions. In an actual implementation the units may be wholly or partly integrated into one physical entity, or may be physically separate. In the embodiments of the present application, the transceiver unit 1402 may be implemented by the transceiver 1302 of FIG. 13, and the processing unit 1403 may be implemented by the processor 1303 of FIG. 13. That is, the transceiver unit 1402 may perform the solution performed by the transceiver 1302 of FIG. 13, and the processing unit 1403 may perform the solution performed by the processor 1303 of FIG. 13; for the rest, refer to the content above, which is not repeated here. As shown in FIG. 13, the memory 1305 included in the quantum key distribution device 1301 may be used to store the code used when the processor 1303 included in the quantum key distribution device 1301 executes a solution, and this code may be a program or code preinstalled when the quantum key distribution device 1301 leaves the factory.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, they may be implemented in whole or in part in the form of a computer program product. A computer program product includes one or more instructions. When the computer program instructions are loaded and executed on a computer, the flows or functions according to the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The instructions may be stored in a computer storage medium, or transmitted from one computer storage medium to another; for example, the instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (for example coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (for example infrared, radio, microwave). The computer storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, floppy disk, hard disk, magnetic tape, magneto-optical disk (MO)), an optical medium (for example, CD, DVD, BD, HVD), or a semiconductor medium (for example, ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid state disk (SSD)).
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system, or a computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The embodiments of the present application are described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by instructions. These instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, the instruction apparatus implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and variations to the embodiments of the present application without departing from the spirit and scope of the present application. Thus, if these modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include them.
Claims (15)
- A quantum key distribution method, comprising:
  an i-th node determining, according to a first correspondence, a first quantum key corresponding to the i-th node of a target routing path, wherein the i-th node is the i-th node in the target routing path; the first quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path; the first correspondence includes a correspondence between N routing paths passing through the i-th node and N first quantum keys corresponding to the i-th node; the N routing paths and the N first quantum keys corresponding to the i-th node are in one-to-one correspondence; the target routing path is one of the N routing paths; N is a positive integer, and i is a positive integer;
  the i-th node determining, according to a second correspondence, a second quantum key corresponding to the i-th node of the target routing path, wherein the second quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path; the second correspondence includes a correspondence between the N routing paths passing through the i-th node and N second quantum keys corresponding to the i-th node; the N routing paths and the N second quantum keys corresponding to the i-th node are in one-to-one correspondence;
  the i-th node generating, according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path, a third quantum key corresponding to the i-th node of the target routing path;
  the i-th node sending the third quantum key corresponding to the i-th node of the target routing path to a target node of the target routing path; or the i-th node using the third quantum key corresponding to the i-th node of the target routing path to encrypt a first ciphertext received from the (i-1)-th node in the target routing path, and sending the resulting second ciphertext corresponding to the i-th node to the (i+1)-th node in the target routing path, wherein the first ciphertext that the i-th node receives from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node, sent by the (i-1)-th node; when i is 1, the 0-th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path;
  wherein the second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path, and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
- The method according to claim 1, wherein, if N is an integer greater than 1, then for a first routing path and a second routing path among the N routing paths passing through the i-th node:
  the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path; and
  the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path.
- The method according to claim 1 or 2, wherein, before the i-th node determines, according to the first correspondence, the first quantum key corresponding to the i-th node of the target routing path, the method further comprises:
  receiving, by the i-th node, indication information sent by a centralized controller or by the (i-1)-th node in the target routing path, the indication information indicating the first quantum key that corresponds, in the first correspondence, to the i-th node of the target routing path;
  or
  determining, by the i-th node according to acquired network topology information of the quantum communication system and a first preset rule, the first quantum key that corresponds, in the first correspondence, to the i-th node of the target routing path.
- The method according to claim 3, wherein determining, by the i-th node according to the acquired network topology information of the quantum communication system and the first preset rule, the first quantum key that corresponds, in the first correspondence, to the i-th node of the target routing path comprises:
  determining, by the i-th node, an ordering of the N routing paths passing through the i-th node according to the ordering of the numbers of the N (i-1)-th nodes in the N routing paths passing through the i-th node, the ordering of the numbers of the N (i+1)-th nodes in the N routing paths passing through the i-th node, and the ordering of the numbers of the N routing paths passing through the i-th node, and determining, in that order, the first quantum key corresponding to the i-th node of the target routing path;
  or
  determining, by the i-th node, an ordering of the N routing paths passing through the i-th node according to the ordering of the numbers of the N (i+1)-th nodes in the N routing paths passing through the i-th node and the ordering of the numbers of the N routing paths passing through the i-th node, and determining, in that order, the first quantum key corresponding to the i-th node of the target routing path;
  or
  determining, by the i-th node, an ordering of the N routing paths passing through the i-th node according to the ordering of the numbers of the N routing paths passing through the i-th node, and determining, in that order, the first quantum key corresponding to the i-th node of the target routing path.
- The method according to any one of claims 1 to 4, wherein, before the i-th node determines, according to the second correspondence, the second quantum key corresponding to the i-th node of the target routing path, the method further comprises:
  receiving, by the i-th node, indication information sent by a centralized controller or by the (i+1)-th node corresponding to the target routing path, the indication information indicating the second quantum key that corresponds, in the second correspondence, to the i-th node of the target routing path;
  or
  determining, by the i-th node according to acquired network topology information of the quantum communication system and a second preset rule, the second quantum key that corresponds, in the second correspondence, to the i-th node of the target routing path.
- The method according to claim 5, wherein determining, by the i-th node according to the acquired network topology information of the quantum communication system and the second preset rule, the second quantum key that corresponds, in the second correspondence, to the i-th node of the target routing path comprises:
  determining, by the i-th node, an ordering of W routing paths that pass through both the i-th node and the (i+1)-th node in the target routing path according to the ordering of the numbers of the W routing paths, and determining, in that order, the second quantum key corresponding to the i-th node of the target routing path, where W is a positive integer not greater than N;
  or
  determining, by the i-th node, an ordering of the W routing paths that pass through both the i-th node and the (i+1)-th node in the target routing path according to the ordering of the numbers of the W (i+2)-th nodes in the W routing paths and the ordering of the numbers of the W routing paths, and determining, in that order, the second quantum key corresponding to the i-th node of the target routing path.
- The method according to any one of claims 1 to 6, wherein a first algorithm, by which the i-th node uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, satisfies the following formula:
  $$g\big(f_E(K_{i-1,i-2}(L_j),\,K_{i-1,i}(L_j)),\ f_E(K_{i,i-1}(L_j),\,K_{i,i+1}(L_j))\big) = f_E(K_{i-1,i-2}(L_j),\,K_{i,i+1}(L_j))$$
  where $L_j$ is the identifier of the target routing path;
  $K_{i-1,i-2}(L_j)$ is the first quantum key corresponding to the (i-1)-th node in the target routing path $L_j$;
  $K_{i-1,i}(L_j)$ is the second quantum key corresponding to the (i-1)-th node in the target routing path $L_j$;
  $K_{i,i-1}(L_j)$ is the first quantum key corresponding to the i-th node in the target routing path $L_j$;
  $K_{i,i+1}(L_j)$ is the second quantum key corresponding to the i-th node in the target routing path $L_j$;
  $f_E(\cdot)$ is the function corresponding to a second algorithm, the second algorithm being the algorithm used to generate the third quantum key corresponding to the i-th node of the target routing path from the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path; and
  $g(\cdot)$ is the function corresponding to the first algorithm.
- A quantum key distribution device, wherein the quantum key distribution device is the i-th node in a routing path of a quantum communication system, and the quantum key distribution device comprises:
  a processor, configured to determine, according to a first correspondence, a first quantum key corresponding to the i-th node of a target routing path; determine, according to a second correspondence, a second quantum key corresponding to the i-th node of the target routing path; and generate a third quantum key corresponding to the i-th node of the target routing path according to the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path; where the i-th node is the i-th node in the target routing path; the first quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i-1)-th node in the target routing path; the first correspondence comprises a correspondence between N routing paths passing through the i-th node and N first quantum keys corresponding to the i-th node; the N routing paths and the N first quantum keys corresponding to the i-th node are in one-to-one correspondence; the target routing path is one of the N routing paths; N is a positive integer, and i is a positive integer; the second quantum key corresponding to the i-th node of the target routing path is a quantum key, acquired by the i-th node, that is shared between the i-th node and the (i+1)-th node in the target routing path; the second correspondence comprises a correspondence between the N routing paths passing through the i-th node and N second quantum keys corresponding to the i-th node; the N routing paths and the N second quantum keys corresponding to the i-th node are in one-to-one correspondence;
  a transceiver, configured to send the third quantum key corresponding to the i-th node of the target routing path to a target node of the target routing path; or to send, to the (i+1)-th node in the target routing path, the second ciphertext corresponding to the i-th node, obtained by the processor by using the third quantum key corresponding to the i-th node of the target routing path to encrypt a first ciphertext received from the (i-1)-th node in the target routing path;
  where the first ciphertext received by the i-th node from the (i-1)-th node in the target routing path is the second ciphertext corresponding to the (i-1)-th node, sent by the (i-1)-th node; when i is 1, the 0-th node is the source node of the target routing path, and the second ciphertext corresponding to the source node of the target routing path is obtained by using the second quantum key corresponding to the source node of the target routing path to encrypt the quantum key to be shared between the source node of the target routing path and the target node of the target routing path;
  where the second quantum key corresponding to the (i-1)-th node in the target routing path is the same as the first quantum key corresponding to the i-th node of the target routing path; and the second quantum key corresponding to the i-th node in the target routing path is the same as the first quantum key corresponding to the (i+1)-th node of the target routing path.
- The device according to claim 8, wherein, if N is an integer greater than 1, then for a first routing path and a second routing path among the N routing paths passing through the i-th node:
  the first quantum key corresponding to the i-th node of the first routing path is different from the first quantum key corresponding to the i-th node of the second routing path; and
  the second quantum key corresponding to the i-th node of the first routing path is different from the second quantum key corresponding to the i-th node of the second routing path.
- The device according to claim 8 or 9, wherein the transceiver is further configured to receive indication information sent by a centralized controller or by the (i-1)-th node in the target routing path, the indication information indicating the first quantum key that corresponds, in the first correspondence, to the i-th node of the target routing path;
  or
  the processor is further configured to determine, according to acquired network topology information of the quantum communication system and a first preset rule, the first quantum key that corresponds, in the first correspondence, to the i-th node of the target routing path.
- The device according to claim 10, wherein the processor is configured to:
  determine an ordering of the N routing paths passing through the i-th node according to the ordering of the numbers of the N (i-1)-th nodes in the N routing paths passing through the i-th node, the ordering of the numbers of the N (i+1)-th nodes in the N routing paths passing through the i-th node, and the ordering of the numbers of the N routing paths passing through the i-th node, and determine, in that order, the first quantum key corresponding to the i-th node of the target routing path;
  or
  determine an ordering of the N routing paths passing through the i-th node according to the ordering of the numbers of the N (i+1)-th nodes in the N routing paths passing through the i-th node and the ordering of the numbers of the N routing paths passing through the i-th node, and determine, in that order, the first quantum key corresponding to the i-th node of the target routing path;
  or
  determine an ordering of the N routing paths passing through the i-th node according to the ordering of the numbers of the N routing paths passing through the i-th node, and determine, in that order, the first quantum key corresponding to the i-th node of the target routing path.
- The device according to any one of claims 8 to 11, wherein the transceiver is further configured to receive indication information sent by a centralized controller or by the (i+1)-th node corresponding to the target routing path, the indication information indicating the second quantum key that corresponds, in the second correspondence, to the i-th node of the target routing path;
  or
  the processor is further configured to determine, according to acquired network topology information of the quantum communication system and a second preset rule, the second quantum key that corresponds, in the second correspondence, to the i-th node of the target routing path.
- The device according to claim 12, wherein the processor is configured to:
  determine an ordering of W routing paths that pass through both the i-th node and the (i+1)-th node in the target routing path according to the ordering of the numbers of the W routing paths, and determine, in that order, the second quantum key corresponding to the i-th node of the target routing path, where W is a positive integer not greater than N;
  or
  determine an ordering of the W routing paths that pass through both the i-th node and the (i+1)-th node in the target routing path according to the ordering of the numbers of the W (i+2)-th nodes in the W routing paths and the ordering of the numbers of the W routing paths, and determine, in that order, the second quantum key corresponding to the i-th node of the target routing path.
- The device according to any one of claims 8 to 13, wherein a first algorithm, by which the processor uses the third quantum key corresponding to the i-th node of the target routing path to encrypt the first ciphertext received from the (i-1)-th node in the target routing path, satisfies the following formula:
  $$g\big(f_E(K_{i-1,i-2}(L_j),\,K_{i-1,i}(L_j)),\ f_E(K_{i,i-1}(L_j),\,K_{i,i+1}(L_j))\big) = f_E(K_{i-1,i-2}(L_j),\,K_{i,i+1}(L_j))$$
  where $L_j$ is the identifier of the target routing path;
  $K_{i-1,i-2}(L_j)$ is the first quantum key corresponding to the (i-1)-th node in the target routing path $L_j$;
  $K_{i-1,i}(L_j)$ is the second quantum key corresponding to the (i-1)-th node in the target routing path $L_j$;
  $K_{i,i-1}(L_j)$ is the first quantum key corresponding to the i-th node in the target routing path $L_j$;
  $K_{i,i+1}(L_j)$ is the second quantum key corresponding to the i-th node in the target routing path $L_j$;
  $f_E(\cdot)$ is the function corresponding to a second algorithm, the second algorithm being the algorithm used to generate the third quantum key corresponding to the i-th node of the target routing path from the first quantum key corresponding to the i-th node of the target routing path and the second quantum key corresponding to the i-th node of the target routing path; and
  $g(\cdot)$ is the function corresponding to the first algorithm.
- A computer storage medium, wherein the computer storage medium stores computer-executable instructions that, when invoked by a computer, cause the computer to perform the method according to any one of claims 1 to 7.
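The per-path key tables and the ciphertext relay of the method claims, together with the composition formula for g and f_E, can be exercised end to end. The following is an added example, not code from the patent: it assumes both f_E and g are bytewise XOR (the claims leave the algorithms open), uses random bytes as a stand-in for QKD link keys, and the node names, path identifiers `L1`/`L2` and helper names are hypothetical.

```python
import secrets
from functools import reduce

KEY_LEN = 16  # bytes per link key (constructed value)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


# Assumption: the claims do not fix the algorithms. XOR is one choice for
# which g(f_E(a, b), f_E(b, c)) == f_E(a, c) holds.
f_E = xor  # "second algorithm": first key + second key -> third key
g = xor    # "first algorithm": applies a third key to a ciphertext


class Node:
    def __init__(self, name):
        self.name = name
        # First correspondence: path id -> key shared with node i-1 on that path.
        self.first_keys = {}
        # Second correspondence: path id -> key shared with node i+1 on that path.
        self.second_keys = {}

    def third_key(self, path_id):
        return f_E(self.first_keys[path_id], self.second_keys[path_id])

    def relay(self, path_id, ciphertext):
        """Re-encrypt the ciphertext from node i-1 for node i+1."""
        return g(ciphertext, self.third_key(path_id))


# Constructed topology: two routing paths that both traverse relays B and C.
PATHS = {"L1": ["A", "B", "C", "D"], "L2": ["E", "B", "C", "F"]}


def build_demo():
    """Create the nodes and give every hop of every path its own link key."""
    nodes = {name: Node(name) for hops in PATHS.values() for name in hops}
    for path_id, hops in PATHS.items():
        for prev, nxt in zip(hops, hops[1:]):
            key = secrets.token_bytes(KEY_LEN)  # stand-in for a QKD link key
            nodes[prev].second_keys[path_id] = key  # second key of node i
            nodes[nxt].first_keys[path_id] = key    # first key of node i+1
    return nodes


def send_over_path(nodes, path_id, secret):
    """Source encrypts, each relay applies its third key, target decrypts."""
    source, *relays, target = PATHS[path_id]
    ciphertext = g(secret, nodes[source].second_keys[path_id])
    for name in relays:
        ciphertext = nodes[name].relay(path_id, ciphertext)
    return g(ciphertext, nodes[target].first_keys[path_id])


def combined_third_key(nodes, path_id):
    """Fold g over the relays' third keys (left-hand side of the formula)."""
    relays = PATHS[path_id][1:-1]
    return reduce(g, (nodes[name].third_key(path_id) for name in relays))


if __name__ == "__main__":
    demo_nodes = build_demo()
    demo_secret = secrets.token_bytes(KEY_LEN)
    print("L1 recovered:", send_over_path(demo_nodes, "L1", demo_secret) == demo_secret)
    print("L2 recovered:", send_over_path(demo_nodes, "L2", demo_secret) == demo_secret)
```

With XOR, a relay never computes the secret while forwarding, but it holds both link keys for the path and could, so every relay on the path still has to be trusted.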
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19786235.2A EP3780482A4 (en) | 2018-04-13 | 2019-04-12 | Quantum key distribution method, device and storage medium |
US17/069,317 US11595196B2 (en) | 2018-04-13 | 2020-10-13 | Quantum key distribution method and device, and storage medium |
US18/166,336 US20230188334A1 (en) | 2018-04-13 | 2023-02-08 | Quantum key distribution method and device, and storage medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810332715.5 | 2018-04-13 | ||
CN201810332715.5A CN110380844B (en) | 2018-04-13 | 2018-04-13 | Quantum key distribution method, equipment and storage medium |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/069,317 Continuation US11595196B2 (en) | 2018-04-13 | 2020-10-13 | Quantum key distribution method and device, and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019196921A1 (en) | 2019-10-17 |
Family
ID=68164057
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/082405 WO2019196921A1 (en) | 2018-04-13 | 2019-04-12 | Quantum key distribution method, device and storage medium |
Country Status (4)
Country | Link |
---|---|
US (2) | US11595196B2 (en) |
EP (1) | EP3780482A4 (en) |
CN (2) | CN112865964B (en) |
WO (1) | WO2019196921A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114679257A (en) * | 2020-12-24 | 2022-06-28 | 科大国盾量子技术股份有限公司 | Multipath key relay method, transmitting device, receiving device and related equipment |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109842449B (en) * | 2017-11-24 | 2020-11-10 | 华为技术有限公司 | Apparatus and method for generating a secret key |
EP4014426A1 (en) * | 2019-08-12 | 2022-06-22 | British Telecommunications public limited company | Improvements to qkd methods |
CN110808835B (en) * | 2019-11-19 | 2021-06-29 | 北京邮电大学 | Quantum key distribution network and quantum key distribution method and device |
CN110995362B (en) * | 2019-12-06 | 2021-06-08 | 西安电子科技大学 | MDI-QKD (Dipper-Measure-of-Key-decomposition) encoding system and method using soft-core processor |
US11652619B2 (en) * | 2021-03-15 | 2023-05-16 | Evolutionq Inc. | System and method for optimizing the routing of quantum key distribution (QKD) key material in a network |
CN113033828B (en) * | 2021-04-29 | 2022-03-22 | 江苏超流信息技术有限公司 | Model training method, using method, system, credible node and equipment |
CN113315630B (en) * | 2021-05-11 | 2022-09-27 | 中国联合网络通信集团有限公司 | Block chain, quantum key distribution method and device |
CN113328853B (en) * | 2021-05-25 | 2023-09-08 | 成都量安区块链科技有限公司 | Coalition chain system for improving security by adopting quantum key |
CN113255923B (en) * | 2021-05-31 | 2021-09-14 | 湖北大学 | Quantum realization circuit of SM4 algorithm |
EP4123957A1 (en) * | 2021-07-19 | 2023-01-25 | ADVA Optical Networking SE | A method and system for performing a secure key relay of an encryption key |
CN114124388B (en) * | 2022-01-27 | 2022-05-10 | 济南量子技术研究院 | Gossip protocol synchronization method based on quantum key |
CN115021915B (en) * | 2022-06-20 | 2024-01-05 | 中国电信股份有限公司 | Key generation method, device, medium and equipment based on intelligent reflecting surface |
US20240187389A1 (en) * | 2022-12-02 | 2024-06-06 | Bank Of America Corporation | System for cloud computing security using a quantum encryption algorithm |
FR3143933A1 (en) * | 2022-12-20 | 2024-06-21 | Airbus Defence And Space Sas | METHOD FOR TRANSMITTING CONTENT USING A QUANTUM KEY DISTRIBUTION NETWORK. |
FR3145664A1 (en) * | 2023-02-02 | 2024-08-09 | Airbus Defence And Space Sas | IMPROVED METHOD FOR TRANSMITTING CONTENT USING A QUANTUM KEY DISTRIBUTION NETWORK. |
CN115913553B (en) * | 2023-03-08 | 2023-06-20 | 广东广宇科技发展有限公司 | Data encryption method based on nonlinear mapping |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004086666A2 (en) * | 2003-03-21 | 2004-10-07 | Bbnt Solutions Llc | Systems and methods for quantum cryptographic key transport |
CN105471576A (en) * | 2015-12-28 | 2016-04-06 | 科大国盾量子技术股份有限公司 | Quantum key relaying method, quantum terminal nodes and quantum key relaying system |
CN105827397A (en) * | 2015-01-08 | 2016-08-03 | 阿里巴巴集团控股有限公司 | Quantum key distribution system, method and device based on trusted relay |
CN106330434A (en) * | 2015-06-23 | 2017-01-11 | 中兴通讯股份有限公司 | First quantum node, second quantum node, secure communication architecture system and methods |
CN107248913A (en) * | 2017-07-28 | 2017-10-13 | 浙江九州量子信息技术股份有限公司 | A kind of quantum key synchronization system and method based on dynamic group net fault detect |
CN107508671A (en) * | 2017-08-18 | 2017-12-22 | 北京邮电大学 | Service communication method and device based on quantum key distribution |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050286723A1 (en) * | 2004-06-28 | 2005-12-29 | Magiq Technologies, Inc. | QKD system network |
CN101427509A (en) * | 2006-04-18 | 2009-05-06 | Magiq技术公司 | Key management and user authentication for quantum cryptography networks |
GB0801395D0 (en) * | 2008-01-25 | 2008-03-05 | Qinetiq Ltd | Network having quantum key distribution |
ES2509816T3 (en) * | 2011-08-05 | 2014-10-20 | Selex Es S.P.A. | System for the distribution of cryptographic keys |
CN108023725B (en) * | 2016-11-04 | 2020-10-09 | 华为技术有限公司 | Quantum key relay method and device based on centralized management and control network |
JP2019050453A (en) * | 2017-09-07 | 2019-03-28 | 株式会社東芝 | Communication apparatus, communication method, program and communication system |
GB2581528B (en) * | 2019-02-22 | 2022-05-18 | Toshiba Kk | A method, a communication network and a node for exchanging a cryptographic key |
- 2018
  - 2018-04-13 CN CN202110057600.1A patent/CN112865964B/en active Active
  - 2018-04-13 CN CN201810332715.5A patent/CN110380844B/en active Active
- 2019
  - 2019-04-12 EP EP19786235.2A patent/EP3780482A4/en active Pending
  - 2019-04-12 WO PCT/CN2019/082405 patent/WO2019196921A1/en active Application Filing
- 2020
  - 2020-10-13 US US17/069,317 patent/US11595196B2/en active Active
- 2023
  - 2023-02-08 US US18/166,336 patent/US20230188334A1/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004086666A2 (en) * | 2003-03-21 | 2004-10-07 | Bbnt Solutions Llc | Systems and methods for quantum cryptographic key transport |
CN105827397A (en) * | 2015-01-08 | 2016-08-03 | 阿里巴巴集团控股有限公司 | Quantum key distribution system, method and device based on trusted relay |
CN106330434A (en) * | 2015-06-23 | 2017-01-11 | 中兴通讯股份有限公司 | First quantum node, second quantum node, secure communication architecture system and methods |
CN105471576A (en) * | 2015-12-28 | 2016-04-06 | 科大国盾量子技术股份有限公司 | Quantum key relaying method, quantum terminal nodes and quantum key relaying system |
CN107248913A (en) * | 2017-07-28 | 2017-10-13 | 浙江九州量子信息技术股份有限公司 | A kind of quantum key synchronization system and method based on dynamic group net fault detect |
CN107508671A (en) * | 2017-08-18 | 2017-12-22 | 北京邮电大学 | Service communication method and device based on quantum key distribution |
Non-Patent Citations (1)
Title |
---|
See also references of EP3780482A4 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114679257A (en) * | 2020-12-24 | 2022-06-28 | 科大国盾量子技术股份有限公司 | Multipath key relay method, transmitting device, receiving device and related equipment |
CN114679257B (en) * | 2020-12-24 | 2023-08-22 | 科大国盾量子技术股份有限公司 | Multipath key relay method, transmitting device, receiving device and related equipment |
Also Published As
Publication number | Publication date |
---|---|
EP3780482A1 (en) | 2021-02-17 |
US20230188334A1 (en) | 2023-06-15 |
CN112865964A (en) | 2021-05-28 |
CN110380844A (en) | 2019-10-25 |
EP3780482A4 (en) | 2021-06-02 |
CN112865964B (en) | 2024-04-12 |
US11595196B2 (en) | 2023-02-28 |
US20210044432A1 (en) | 2021-02-11 |
CN110380844B (en) | 2021-01-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019196921A1 (en) | Quantum key distribution method, device and storage medium | |
US11316677B2 (en) | Quantum key distribution node apparatus and method for quantum key distribution thereof | |
Xu et al. | Lightweight and expressive fine-grained access control for healthcare Internet-of-Things | |
WO2018082345A1 (en) | Quantum key relay method and device based on centralized management and control network | |
CN110661620B (en) | Shared key negotiation method based on virtual quantum link | |
CN107689947B (en) | Data processing method and device | |
Li et al. | Efficient privacy-preserving stream aggregation in mobile sensing with low aggregation error | |
WO2019061983A1 (en) | Blockchain data uploading method, system, computer system and storage medium | |
JP6363032B2 (en) | Key change direction control system and key change direction control method | |
CN106209739A (en) | Cloud storage method and system | |
CN110677241B (en) | Quantum network virtualization architecture method and device | |
CN110690961B (en) | Quantum network function virtualization method and device | |
CN104158880A (en) | User-end cloud data sharing solution | |
CN117353925A (en) | Method and apparatus for increasing entropy of blockchain using blind result dispersion | |
CN112367163A (en) | Quantum network virtualization method and device | |
JP2018196056A (en) | Communication device and communication method | |
CN112367160A (en) | Virtual quantum link service method and device | |
JP5637139B2 (en) | Network key update system, server, network key update method and recording medium | |
Xu et al. | Stochastic resource allocation in quantum key distribution for secure federated learning | |
Döring et al. | Post-Quantum Cryptography key exchange to extend a high-security QKD platform into the mobile 5G/6G networks | |
JP6211818B2 (en) | COMMUNICATION DEVICE, COMMUNICATION METHOD, PROGRAM, AND COMMUNICATION SYSTEM | |
Saraswathi et al. | Dynamic group key management scheme for clustered wireless sensor networks | |
Auten et al. | Impact of resource-constrained networks on the performance of NIST round-3 PQC candidates | |
Chaudhari et al. | Security analysis of centralized group key management schemes for wireless sensor networks under strong active outsider adversary model | |
KR20080078511A (en) | Light-weight key renew scheme in wireless network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19786235 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2019786235 Country of ref document: EP |